Vdsl2 C Cli User Guide

SI3000 VDSL2
User guide (CLI)
User guide (CLI)
The Table of Contents contains 10 pages. The document contains 179 pages. Document ident. no.: KSS65250A-EDE-030
All rights reserved. Technical specifications and features are binding insofar as they are specifically and expressly agreed upon in a written contract. Technical modifications possible.
User guide (CLI)
Table of contents
1 About this document .......................................................................................................................... 1
1.1 Purpose............................................................................................................................................. 1 1.2 Intended audience ............................................................................................................................ 1 1.3 Document organization ..................................................................................................................... 1 1.4 Conventions ...................................................................................................................................... 2 1.4.1 Additional text marking ............................................................................................................... 2 1.4.2 Command line interface (CLI) .................................................................................................... 2 2 Using the command-line interface .................................................................................................... 3
2.1 Modes ............................................................................................................................................... 3 2.2 Command syntax .............................................................................................................................. 3 2.3 Parameter values .............................................................................................................................. 4 2.4 No forms ........................................................................................................................................... 4 2.5 Command completion and abbreviation ........................................................................................... 5 2.6 Help................................................................................................................................................... 5 2.7 Special key combinations ................................................................................................................. 6 2.8 Messages ......................................................................................................................................... 6 2.9 Command logging ............................................................................................................................. 6 2.10 Changing the printout limit ................................................................................................................ 7 2.10.1 Displaying the CLI settings ........................................................................................................ 7 2.11 Changing the system prompt ............................................................................................................ 8 3 User management ............................................................................................................................... 8
3.1 Understanding .................................................................................................................................. 8 3.1.1 Default users .............................................................................................................................. 8 3.1.2 User authentication .................................................................................................................... 8 3.1.3 Remote authentication dial-in user service (RADIUS) ............................................................... 9 3.2 Default settings ................................................................................................................................. 9 3.3 Configuring local users ..................................................................................................................... 9 3.3.1 Adding a user ............................................................................................................................. 9 3.3.2 Setting the user password ....................................................................................................... 10 3.3.3 Creating an authentication list.................................................................................................. 11 3.3.4 Assigning an authentication login list to a user ........................................................................ 11 3.3.5 Assigning the authentication list for non-configured users ...................................................... 12 3.4 Configuring RADIUS client ............................................................................................................. 13 3.4.1 Configuring the RADIUS servers ............................................................................................. 13 3.4.2 Displaying the RADIUS client and the RADIUS server settings .............................................. 15 3.4.3 Clearing the RADIUS statistics ................................................................................................ 15 3.4.4 Displaying the RADIUS server statistics .................................................................................. 16 4 VLAN configuration ...........................................................................................................................16
4.1 Understanding ................................................................................................................................ 16 4.1.1 VLAN ........................................................................................................................................ 16 4.1.2 Q-in-Q ...................................................................................................................................... 17 4.1.3 Selective Q-in-Q ....................................................................................................................... 17 4.2 Default settings ............................................................................................................................... 17 4.2.1 VLAN ........................................................................................................................................ 17 4.2.2 Q in Q ....................................................................................................................................... 18
II
User guide (CLI)
4.2.3 Selective Q in Q ....................................................................................................................... 18 4.3 Configuring VLAN ........................................................................................................................... 18 4.3.1 Configuring user ports as VLAN access .................................................................................. 18 4.3.1.1 Prerequisites ............................................................................................................................. 18 4.3.1.2 Network diagram ....................................................................................................................... 19 4.3.1.3 Data plan .................................................................................................................................. 19 4.3.1.3.1 Configuring the Ethernet switch blade ............................................................................. 20 4.3.1.3.2 Configuring the VDSL2 blade ........................................................................................... 20 4.3.1.3.3 Displaying VDSL2 VLAN information ............................................................................... 21 4.3.2 Configuring user ports as VLAN trunk ..................................................................................... 22 4.3.2.1 Prerequisites ............................................................................................................................. 22 4.3.2.2 Network diagram ....................................................................................................................... 23 4.3.2.3 Data plan .................................................................................................................................. 24 4.3.2.3.1 Configuring the Ethernet switch blade ............................................................................. 24 4.3.2.3.2 Configuring the VDSL2 blade ........................................................................................... 25 4.3.2.3.3 Displaying VDSL2 VLAN information ............................................................................... 25 4.4 Configuring Q-in-Q .......................................................................................................................... 26 4.4.1 Configuring user ports as tunnel ports ..................................................................................... 26 4.4.1.1 Prerequisites ............................................................................................................................. 26 4.4.1.2 Network diagram ....................................................................................................................... 27 4.4.1.3 Data plan .................................................................................................................................. 28 4.4.1.3.1 Configuring the Ethernet switch blade ............................................................................. 28 4.4.1.3.2 Configuring the VDSL2 blade ........................................................................................... 29 4.4.1.3.3 Displaying VDSL2 VLAN information ............................................................................... 29 4.4.2 Configuring user ports as stacking ports .................................................................................. 30 4.4.2.1 Prerequisites ............................................................................................................................. 30 4.4.2.2 etwork diagram ......................................................................................................................... 31 4.4.2.3 Data plan .................................................................................................................................. 32 4.4.2.3.1 Configuring the Ethernet switch blade ............................................................................. 32 4.4.2.3.2 Configuring the VDSL2 blade ........................................................................................... 33 4.4.2.3.3 Displaying VDSL2 VLAN information ............................................................................... 33 4.5 Configuring selective Q in Q ........................................................................................................... 34 4.5.1 Configuring user ports as selective Q-in-Q ports ..................................................................... 34 4.5.1.1 Prerequisites ............................................................................................................................. 34 4.5.1.2 Network diagram ....................................................................................................................... 35 4.5.1.3 Data plan .................................................................................................................................. 36 4.5.1.3.1 Configuring the Ethernet switch blade ............................................................................. 36 4.5.1.3.2 Configuring the VDSL2 blade ........................................................................................... 37 4.5.1.3.3 Displaying VDSL2 VLAN information ............................................................................... 37 5 Multicast configuration .................................................................................................................... 38
5.1 Understanding ................................................................................................................................. 38 5.1.1 IGMP versions .......................................................................................................................... 39 5.2 Default settings ............................................................................................................................... 39 5.3 Configuring IGMP v2 snooping ....................................................................................................... 39 5.3.1 Prerequisites ............................................................................................................................ 39 5.3.2 Network datagram .................................................................................................................... 40 5.3.3 Data plan .................................................................................................................................. 41 5.3.3.1 Configuring the Ethernet switch blade ...................................................................................... 41 5.3.3.2 Configuring the VDSL2 blade ................................................................................................... 42 5.4 Configuring IGMP enhanced fast leave .......................................................................................... 42 5.4.1 Prerequisites ............................................................................................................................ 43 5.4.2 Network datagram .................................................................................................................... 43 5.4.3 Data plan .................................................................................................................................. 44 5.4.3.1 Configuring the Ethernet switch blade ...................................................................................... 44
User guide (CLI)
III
5.4.3.2 Configuring the VDSL2 blade ................................................................................................... 45 5.5 Configuring IGMP snooping with suppression................................................................................ 45 5.5.1 Prerequisites ............................................................................................................................ 46 5.5.2 Network datagram .................................................................................................................... 46 5.5.3 Data plan .................................................................................................................................. 47 5.5.3.1 Configuring the Ethernet switch blade ...................................................................................... 47 5.5.3.2 Configuring the VDSL2 blade ................................................................................................... 48 5.6 Configuring IGMP multicast VLAN registration............................................................................... 49 5.6.1 Prerequisites ............................................................................................................................ 49 5.6.2 Network datagram .................................................................................................................... 50 5.6.3 Data plan .................................................................................................................................. 51 5.6.3.1 Configuring the Ethernet switch blade ...................................................................................... 51 5.6.3.2 Configuring the VDSL2 blade ................................................................................................... 52 5.7 Configuring IGMP multicast VLAN registration for provider edge bridges (MVR-PEB) ................. 53 5.7.1.1 Prerequisites ............................................................................................................................. 53 5.7.2 Network datagram .................................................................................................................... 54 5.7.3 Data plan .................................................................................................................................. 55 5.7.3.1 Configuring the Ethernet switch blade ...................................................................................... 55 5.7.3.2 Configuring the VDSL2 blade ................................................................................................... 56 5.8 Configuring IGMP call admission control (CAC)............................................................................. 57 5.8.1 Prerequisites ............................................................................................................................ 57 5.8.2 Network datagram .................................................................................................................... 58 5.8.3 Data plan .................................................................................................................................. 59 5.8.3.1 Configuring the Ethernet switch blade ...................................................................................... 59 5.8.3.2 Configuring the VDSL2 blade ................................................................................................... 60 5.8.4 Configuring IGMP static multicast groups ................................................................................ 60 5.8.5 Prerequisites ............................................................................................................................ 61 5.8.6 Network datagram .................................................................................................................... 61 5.8.7 Data plan .................................................................................................................................. 62 5.8.7.1 Configuring the Ethernet switch blade ...................................................................................... 62 5.8.7.2 Configuring the VDSL2 blade ................................................................................................... 63 5.9 Configuring multicast access lists ................................................................................................... 63 5.9.1 Prerequisites ............................................................................................................................ 64 5.9.2 Network datagram .................................................................................................................... 64 5.9.3 Data plan .................................................................................................................................. 65 5.9.4 Configuring the Ethernet switch blade ..................................................................................... 65 5.9.4.1 Configuring the VDSL2 blade ................................................................................................... 66 5.10 Configuring the standalone IGMP querier ...................................................................................... 67 5.10.1 Prerequisites ............................................................................................................................ 67 5.10.2 Network datagram .................................................................................................................... 68 5.10.3 Data plan .................................................................................................................................. 69 5.10.3.1 Configuring the Ethernet switch blade ...................................................................................... 69 5.10.3.2 Configuring the VDSL2 blade ................................................................................................... 70 5.11 Configuring IGMP filtering............................................................................................................... 70 5.11.1 Prerequisites ............................................................................................................................ 70 5.11.2 Network datagram .................................................................................................................... 71 5.11.3 Data plan .................................................................................................................................. 72 5.11.3.1 Configuring the Ethernet switch blade ...................................................................................... 72 5.11.3.2 Configuring the VDSL2 blade ................................................................................................... 73 6 User security configuration .............................................................................................................73
6.1 Understanding ................................................................................................................................ 73 6.2 Default settings ............................................................................................................................... 75 6.3 Configuring a protected port ........................................................................................................... 75 6.3.1 Enabling port protection ........................................................................................................... 75
IV
User guide (CLI)
6.3.2 Enabling mn port protection ..................................................................................................... 76 6.4 Configuring MAC source guard ...................................................................................................... 76 6.4.1 Prerequisites ............................................................................................................................ 76 6.4.2 Network datagram .................................................................................................................... 77 6.4.2.1 Configuring the Ethernet switch blade ...................................................................................... 77 6.4.2.2 Configuring the VDSL2 blade ................................................................................................... 78 6.4.2.3 Displaying the VDSL2 MAC source guard parameters ............................................................ 78 6.4.2.4 Displaying the error-disabled detection administrative state cause ......................................... 79 6.4.2.5 Displaying the error-disabled recovery interval ........................................................................ 79 To display the error-disabled recovery interval: ..................................................................................... 79 6.4.2.6 Displaying the error-disabled interface statistics ...................................................................... 79 To display the error-disabled interface statistics: ................................................................................... 79 6.5 Configuring DHCP Relay Agent ...................................................................................................... 79 6.5.1 Understanding .......................................................................................................................... 80 6.5.1.1 DHCP filtering ........................................................................................................................... 81 6.5.2 Default DHCP RA settings ....................................................................................................... 81 6.5.3 Displaying DHCP RA settings .................................................................................................. 81 6.5.3.1 Displaying DHCP RA global configuration and statistics .......................................................... 82 6.5.3.2 Displaying major DHCP RA interface configuration ................................................................. 82 6.5.3.3 Displaying DHCP RA parameters and statistics on the interface ............................................. 82 6.5.3.4 Displaying VLAN specfic DHCP RA parameters ...................................................................... 83 6.5.3.5 Displaying DHCP server configuration for incoming VLAN-s ................................................... 83 6.5.4 Configuring DHCP RA global settings ..................................................................................... 84 6.5.4.1 Setting default DHCP RA server for all access VLAN-s ........................................................... 84 6.5.4.2 Setting or removing different DHCP RA server for particular access VLAN ............................ 84 6.5.4.3 Enabling or disabling DHCP RA generally ............................................................................... 85 6.5.4.4 Setting DHCP RA mode to full or simplified mode ................................................................... 85 6.5.4.5 Setting DHCP RA circuit type to trusted or untrusted ............................................................... 86 6.5.4.6 Enabling or disabling insertion of option 82 .............................................................................. 86 6.5.4.7 Enabling or disabling addition of circuit ID globally .................................................................. 86 6.5.4.8 Enabling or disabling addition of remote ID globally ................................................................ 87 6.5.4.9 Keeping or removing option 82 in reply .................................................................................... 87 6.5.4.10 Enabling or disabling option 82 unicast extension ................................................................... 87 6.5.5 Configuring Interfaces .............................................................................................................. 88 6.5.5.1 Enabling processing of DHCP RA requests and replies on the interface ................................ 88 6.5.5.2 Enable processing of DHCP RA requests on the interface ...................................................... 88 6.5.5.3 Enable processing of DHCP RA replies on the interface ......................................................... 89 6.5.5.4 Disable DHCP RA on the interface ........................................................................................... 89 6.5.5.5 Setting or unconfiguring interface's circuit type ........................................................................ 89 6.5.5.6 Setting or unconfiguring insertion of option 82 on the interface ............................................... 90 6.5.5.7 Setting or unconfiguring option 82 in replies on the interface .................................................. 90 6.5.5.8 Setting or unconfiguring option 82 unicast extension on the interface ..................................... 90 6.5.5.9 Allowing or banning debugging on the interface ...................................................................... 91 6.5.5.10 Setting interface's remote-id ..................................................................................................... 91 6.5.5.11 Enabling or disabling overload protection................................................................................. 91 6.5.5.12 Setting interface's DHCP RA port throughput .......................................................................... 92 6.6 Configuring PPPoE intermediate agent .......................................................................................... 92 6.6.1 Understanding .......................................................................................................................... 93 6.6.2 Default PPPoE IA settings ....................................................................................................... 94 6.6.3 Configuring PPPoE IA bridge parameters ............................................................................... 94 6.6.3.1 Setting PPPoE IA functionality in general................................................................................. 94 6.6.3.2 Configuring interface parameters ............................................................................................. 94 6.6.3.3 Configuring xDSL line remote ID .............................................................................................. 94 6.6.3.4 Displaying status and summary statistics of PPPoE IA ............................................................ 95 6.6.3.5 Displaying current PPPoE IA information on the specified interface ........................................ 95
User guide (CLI)
6.6.3.6 Displaying current PPPoE IA information on all interfaces ...................................................... 95 6.6.3.7 Setting PPPoE IA trusted or untrusted mode of operation ....................................................... 96 6.7 Configuring IP Source Guard ......................................................................................................... 96 6.7.1 Understanding .......................................................................................................................... 96 6.7.2 Default IPSG settings ............................................................................................................... 96 6.7.3 General settings ....................................................................................................................... 97 6.7.3.1 Setting IPSG functionality in general ........................................................................................ 97 6.7.3.2 Storing of IPSG binding table settings ...................................................................................... 97 6.7.3.3 Specifying IPSG binding's entry limit for all interfaces ............................................................. 97 6.7.3.4 Specifying type of filtering for interfaces ................................................................................... 98 6.7.4 Configuration of interface parameters ..................................................................................... 98 6.7.4.1 Setting the interface's state ...................................................................................................... 98 6.7.4.2 Specifying IPSG binding's entry limit for interfaces .................................................................. 99 6.7.4.3 Specifying type of filtering for interfaces ................................................................................... 99 6.7.5 Displaying IPSG settings ......................................................................................................... 99 6.7.5.1 Displaying general IPSG settings on all interfaces ................................................................ 100 6.7.5.2 Displaying IPSG settings on the interface .............................................................................. 100 7 System security configuration .......................................................................................................101
7.1 Understanding .............................................................................................................................. 101 7.1.1 Remote access filtering .......................................................................................................... 101 7.1.2 Storm control .......................................................................................................................... 101 7.2 Default settings ............................................................................................................................. 102 7.2.1 Remote access filtering .......................................................................................................... 102 7.2.2 Storm control .......................................................................................................................... 102 7.3 Configuring remote access filtering .............................................................................................. 103 7.3.1 Creating a filtering rule ........................................................................................................... 103 7.3.2 Removing a filtering rule ........................................................................................................ 103 7.3.3 Displaying the table of filtering rules ...................................................................................... 104 7.4 Configuring storm control.............................................................................................................. 104 7.4.1 Enabling/disabling storm control for all interfaces ................................................................. 104 7.4.2 Enabling/disabling storm control for one interface ................................................................. 104 7.4.3 Configuring threshold for all interfaces .................................................................................. 105 7.4.4 Configuring threshold for one interface .................................................................................. 105 7.4.5 Show storm control state for all interfaces ............................................................................. 105 7.4.6 Show storm control state for one interface ............................................................................ 106 8 ACL configuration ...........................................................................................................................106
8.1 Configuring ACL ........................................................................................................................... 106 8.1.1 nderstanding ACL .................................................................................................................. 107 8.1.2 Configuring L2 ACL on user ports.......................................................................................... 107 8.1.2.1 Prerequisites ........................................................................................................................... 107 8.1.2.2 Network datagram .................................................................................................................. 108 8.1.2.3 Data plan ................................................................................................................................ 108 8.1.2.3.1 Configuring the Ethernet switch blade ........................................................................... 109 8.1.2.3.2 Configuring the VDSL2 blade ......................................................................................... 109 8.1.2.3.3 Displaying VDSL2 ACL information ............................................................................... 109 8.1.3 Configuring user ports L3-L4 ACL ......................................................................................... 110 8.1.3.1 Prerequisites ........................................................................................................................... 110 8.1.3.2 Network datagram .................................................................................................................. 111 8.1.3.3 Data plan ................................................................................................................................ 111 8.1.3.3.1 Configuring the Ethernet switch blade ........................................................................... 112 8.1.3.3.2 Configuring the VDSL2 blade ......................................................................................... 112 8.1.3.3.3 Displaying VDSL2 ACL information ............................................................................... 112
VI
User guide (CLI)
Configuring Quality of Service ...................................................................................................... 113
9.1 Understanding Quality of Service ................................................................................................. 113 9.2 Default QoS settings ..................................................................................................................... 114 9.3 Configuring trust zones ................................................................................................................. 114 9.3.1 Prerequisites .......................................................................................................................... 114 9.3.2 Network datagram .................................................................................................................. 115 9.3.3 Data plan ................................................................................................................................ 116 9.3.3.1 Configuring the Ethernet switch blade .................................................................................... 116 9.3.3.2 Configuring the VDSL2 blade ................................................................................................. 116 9.4 Configuring egress queuing using LLQ algorithm ........................................................................ 117 9.4.1 Prerequisites .......................................................................................................................... 117 9.4.2 Network datagram .................................................................................................................. 118 9.4.3 Data plan ................................................................................................................................ 118 9.4.3.1 Configuring the Ethernet switch blade .................................................................................... 119 9.4.3.2 Configuring the VDSL2 blade ................................................................................................. 119 9.5 Configuring differentiate services: Any incoming traffic -> classified, marked to new L2 COS values and policed ........................................................................................................................ 120 9.5.1 Prerequisites .......................................................................................................................... 120 9.5.2 Network datagram .................................................................................................................. 121 9.5.3 Data plan ................................................................................................................................ 121 9.5.3.1 Configuring the Ethernet switch blade .................................................................................... 122 9.5.3.2 Configuring the VDSL2 blade ................................................................................................. 122 9.6 L2 traffic incoming ->some traffic dropped some redirected to new egress interface other transmitted & part shaped in downstream direction ............................................................ 123 9.6.1 Prerequisites .......................................................................................................................... 124 9.6.2 Network datagram .................................................................................................................. 124 9.6.3 Data plan ................................................................................................................................ 124 9.6.3.1 Configuring the Ethernet switch blade .................................................................................... 125 9.6.3.2 Configuring the VDSL2 blade ................................................................................................. 125 9.7 Part of L3 traffic interested ->some marked with L3 DSCP & policed, other passed ................... 126 9.7.1 Prerequisites .......................................................................................................................... 126 9.7.2 Network datagram .................................................................................................................. 127 9.7.3 Data plan ................................................................................................................................ 128 9.7.3.1 Configuring the Ethernet switch blade .................................................................................... 128 9.7.3.2 Configuring the VDSL2 blade ................................................................................................. 128 9.8 Typical 3ply traffic -> traffic types are recognized, marked with L3 preferred values, policed in upstream to different values if needed & shaped in downstream ........................................ 129 9.8.1 Prerequisites .......................................................................................................................... 129 9.8.2 Network datagram .................................................................................................................. 130 9.8.3 Data plan ................................................................................................................................ 131 9.8.3.1 Configuring the Ethernet switch blade .................................................................................... 131 9.8.3.2 Configuring the VDSL2 blade ................................................................................................. 131 10 System management configuration ............................................................................................. 132
10.1 Understanding ............................................................................................................................... 132 10.1.1 DHPC client ............................................................................................................................ 132 10.1.2 SNTP ...................................................................................................................................... 132 10.1.3 Diagnosis connectivity problems ............................................................................................ 133 10.1.4 Aging time .............................................................................................................................. 133 10.2 Default settings ............................................................................................................................. 133 10.2.1 Traceroute .............................................................................................................................. 133 10.2.2 Aging time .............................................................................................................................. 133 10.3 Configuring DHCP Client .............................................................................................................. 133 10.3.1 Configuring the DHCP Client ................................................................................................. 133
User guide (CLI)
VII
10.3.2 Configuring the network parameters ...................................................................................... 134 10.3.3 Configuring the management VLAN ID ................................................................................. 134 10.3.3.1 Displaying status of the network ............................................................................................. 134 10.4 Configuring SNTP ......................................................................................................................... 134 10.4.1 Configuring the SNTP server ................................................................................................. 134 10.4.1.1 Displaying SNTP settings ....................................................................................................... 135 10.5 Diagnosis connectivity problems .................................................................................................. 135 10.5.1 Displaying traceroute ............................................................................................................. 135 10.5.2 Executing ping........................................................................................................................ 135 10.6 Managing the MAC address table ................................................................................................ 136 10.6.1 Configuring aging time ........................................................................................................... 136 10.6.1.1 Displaying the timeout for address aging ............................................................................... 136 10.6.1.2 Displaying the MAC table ....................................................................................................... 136 11 VDSL2 interface configuration .......................................................................................................137
11.1 Understanding .............................................................................................................................. 137 11.1.1 Transmit power and power spectral density .......................................................................... 138 11.1.2 Crosstalk ................................................................................................................................ 138 11.1.3 Signal-to-noise ratio (SNR) .................................................................................................... 138 11.1.4 Margin .................................................................................................................................... 138 11.1.5 Seamless rate adaptation (SRA) ........................................................................................... 138 11.1.6 Bit swapping ........................................................................................................................... 139 11.1.7 Impulse noise protection (INP) ............................................................................................... 139 11.1.8 Retransmission of packets ..................................................................................................... 141 11.1.9 Upstream power back-off (UPBO) ......................................................................................... 141 11.1.10 PSD masks ......................................................................................................................... 141 11.1.11 VDSL2 frequency profiles ................................................................................................... 142 11.1.12 VDSL2 Interoperability and ADSL2+ Backward Compatibility ............................................ 143 11.2 Managing DSL profiles ................................................................................................................. 143 11.2.1 DSL profile parameters, descriptions and values .................................................................. 143 11.2.2 Port specific parameters, descriptions and values ................................................................ 145 11.2.3 Displaying a list of default profiles.......................................................................................... 148 11.2.4 Displaying detailed settings of a single profile ....................................................................... 148 11.2.5 Displaying interfaces with assigned DSL profiles .................................................................. 149 11.2.6 Displaying details of a DSL profile assigned to interface ....................................................... 150 11.2.7 Creating a new profile ............................................................................................................ 150 11.2.8 Modifying the DSL profile values ........................................................................................... 151 11.2.9 Modifying port specific parameters and values ...................................................................... 151 11.3 Managing the VDSL2 interface ..................................................................................................... 151 11.3.1 Activating the interface ........................................................................................................... 151 11.3.2 Resetting the interface ........................................................................................................... 152 11.3.3 Adding a RF notch with suppressed bandwidth ..................................................................... 153 11.3.4 Configuring seamless rate adaptation (SRA) ........................................................................ 153 11.3.5 Configuring impulse noise reduction (INP) ............................................................................ 154 11.3.6 Configuring retransmission .................................................................................................... 154 11.3.7 Configuring upstream power-back-off (UPBO) ...................................................................... 155 11.3.8 Displaying the interface state ................................................................................................. 155 11.3.9 Displaying the current values of DSL line, ............................................................................. 155 11.3.10 Displaying the port performance counters .......................................................................... 156 11.3.11 Displaying the CPE vendor information .............................................................................. 157 11.3.12 Displaying the System state................................................................................................ 157 11.3.13 Displaying the firmware version .......................................................................................... 158 11.4 Managing PSD masks .................................................................................................................. 158 11.4.1 Standardized PSD class masks ............................................................................................. 158 11.4.1.1 Assigning a PSD class mask to a specific interface ............................................................... 159
VIII
User guide (CLI)
11.4.2 Custom PSD masks ............................................................................................................... 159 11.4.2.1 Downstream PSD masks ........................................................................................................ 159 11.4.2.2 Upstream PSD masks ............................................................................................................ 160 11.4.2.3 Displaying detailed information of a PSD mask ..................................................................... 161 11.4.2.4 Creating a custom PSD mask ................................................................................................ 161 11.4.2.5 Modifying the frequency and max transmission power .......................................................... 162 11.4.2.6 Assigning a PSD mask to a specific interface ........................................................................ 162 11.4.2.6.1 Displaying assigned PSD masks to all interfaces ........................................................ 162 11.4.2.6.2 Displaying a PSD mask assigned to a specific interface ............................................. 164 12 Managing alarms and diagnostic tests ........................................................................................ 165
12.1 Understanding ............................................................................................................................... 165 12.1.1 Alarms .................................................................................................................................... 165 12.1.2 Diagnostic tests ...................................................................................................................... 165 12.2 Configuring the alarms .................................................................................................................. 166 12.2.1 Configuring the alarm filter ..................................................................................................... 166 12.2.1.1 Displaying the alarm filter ....................................................................................................... 166 12.2.2 Configuring the alarm severity ............................................................................................... 166 12.2.2.1 Displaying the alarm severities ............................................................................................... 167 12.2.3 Configuring the error measure activity ................................................................................... 167 12.2.4 Displaying the alarm list ......................................................................................................... 167 12.2.5 Displaying recently reported alarms ....................................................................................... 168 12.2.6 Displaying the alarm detail ..................................................................................................... 169 12.3 Configuring the diagnostic tests .................................................................................................... 169 12.3.1 Configuring activity of a diagnostic test .................................................................................. 169 12.3.2 Configuring priority of a diagnostic test .................................................................................. 169 12.3.3 Configuring the cyclic time of a diagnostic test ...................................................................... 170 12.3.4 Displaying the diagnostic test programs ................................................................................ 170 13 Managing DSL tests ....................................................................................................................... 171
13.1 Understanding ............................................................................................................................... 171 13.1.1 SELT test................................................................................................................................ 171 13.1.2 DELT test ............................................................................................................................... 171 13.1.3 OLT tests ................................................................................................................................ 171 13.2 Starting SELT tests ....................................................................................................................... 171 13.2.1 Displaying the SELT test results ............................................................................................ 172 13.3 Starting DELT tests ....................................................................................................................... 172 13.3.1 Displaying the DELT status results ........................................................................................ 173 13.3.2 Displaying the DELT band results .......................................................................................... 173 13.3.3 Displaying the DELT segment results .................................................................................... 174 13.3.3.1 Example for logarithmic transfer function ............................................................................... 174 13.3.3.2 Example for quiet line noise function ...................................................................................... 175 13.3.3.3 Example for signal to noise ratio function ............................................................................... 176 13.4 Displaying OLT results .................................................................................................................. 177 13.4.1 Example for bit allocation function ......................................................................................... 177 13.4.2 Example for bit allocation function ......................................................................................... 178 13.4.3 Example for signal to noise ratio function .............................................................................. 179
User guide (CLI)
IX
List of figures
Figure 3-1: An example of network with two RADIUS servers ................................................................... 13 Figure 4-1: Sample network topology for VLAN tests (access).................................................................. 19 Figure 4-2: Sample network topology for VLAN tests (trunk) ..................................................................... 23 Figure 4-3: Sample network topology for Q-in-Q tunneling tests ............................................................... 27 Figure 4-4: Sample network topology for Q-in-Q stacking tests................................................................. 31 Figure 4-5: Sample network topology for selective Q-in-Q tests ................................................................ 35 Figure 5-1: Sample network topology for IGMP snooping tests ................................................................. 40 Figure 5-2: Sample network topology for IGMP enhanced fast leave tests ............................................... 43 Figure 5-3: Sample network topology for IGMP suppression tests ............................................................ 46 Figure 5-4: Sample network topology for MVR tests .................................................................................. 50 Figure 5-5: Sample network topology for MVR-PEB tests ......................................................................... 54 Figure 5-6: Sample network topology for IGMP CAC tests ........................................................................ 58 Figure 5-7: Sample network topology for IGMP static groups tests ........................................................... 61 Figure 5-8: Sample network topology for multicast access lists tests ........................................................ 64 Figure 5-9: Sample network topology for MVR tests .................................................................................. 68 Figure 5-10: Sample network topology for IGMP filtering test.................................................................... 71 Figure 6-1: Packet processing between protected and unprotected ports ................................................. 74 Figure 6-2: Sample network topology for MAC source guard tests............................................................ 77 Figure 6-3: Sample network topology for PPPoE Intermediate Agent ....................................................... 80 Figure 6-4: Sample network topology for PPPoE Intermediate Agent ....................................................... 93 Figure 7-1: An example of a network for remote access filter functionality .............................................. 101 Figure 8-1: Sample network topology for ACL tests ................................................................................. 108 Figure 8-2: Sample network topology for L3-L4 ACL tests ...................................................................... 111 Figure 9-1: Sample network topology for QoS trust zones tests ............................................................. 115 Figure 9-2: Sample network topology for QoSQoS egress queuing strategies tests ............................... 118 Figure 9-3: Sample network topology for differentiate services tests ...................................................... 121 Figure 9-4: Sample network topology for differentiate services tests ...................................................... 124 Figure 9-5: Sample network topology for differentiate services tests ...................................................... 127 Figure 9-6: Sample network topology for differentiate services tests in 3ply scenarios........................... 130 Figure 11-1: Error correction coding for VDSL2 ....................................................................................... 139 Figure 11-2: ITU-T G.993.2 frequency plans............................................................................................ 142
List of tables
Table 1-1: Document organization ............................................................................................................... 1 Table 1-2: Conventions for text marking ...................................................................................................... 2 Table 1-3: Conventions for CLI text formatting............................................................................................. 2 Table 1-4: Conventions for keyboard shortcuts usage in CLI ...................................................................... 2 Table 2-1: CLI command modes .................................................................................................................. 3 Table 2-2: CLI command modes: access and exit ....................................................................................... 3 Table 2-3: Common parameter values ......................................................................................................... 4 Table 2-4: Special key combinations ............................................................................................................ 6 Table 2-5: CLI error messages ..................................................................................................................... 6 Table 3-1: Default RADIUS settings ............................................................................................................. 9 Table 4-1: Example of selective Q-in-Q assign table ................................................................................. 17 Table 4-2: Default VLAN settings ............................................................................................................... 17 Table 4-3: Default Q in Q settings .............................................................................................................. 18
User guide (CLI)
Table 4-4: Default selective Q-in-Q settings ............................................................................................... 18 Table 4-5: VLAN data plan ......................................................................................................................... 19 Table 4-6: VLAN data plan ......................................................................................................................... 24 Table 4-7: VLAN data plan ......................................................................................................................... 28 Table 4-8: VLAN data plan ......................................................................................................................... 32 Table 4-9: VLAN data plan ......................................................................................................................... 36 Table 5-1: Default IGMP snooping settings ................................................................................................ 39 Table 5-2: IGMP snooping data plan .......................................................................................................... 41 Table 5-3: Enhanced fast leave data plan .................................................................................................. 44 Table 5-4: IGMP suppression data plan ..................................................................................................... 47 Table 5-5: MVR data plan ........................................................................................................................... 51 Table 5-6: MVR-PEB data plan .................................................................................................................. 55 Table 5-7: IGMP CAC data plan ................................................................................................................. 59 Table 5-8: IGMP static group data plan ...................................................................................................... 62 Table 5-9: Multicast access list data plan ................................................................................................... 65 Table 5-10: Standalone IGMP querier data plan ........................................................................................ 69 Table 5-11: IGMP filtering data plan ........................................................................................................... 72 Table 6-1: Example showing communication between protected/unprotected ports A and B ................... 74 Table 6-2: Default protected port and management port protection settings ............................................. 75 Table 6-3: Default DHCP RA settings ........................................................................................................ 81 Table 6-4: Default DHCPR settings ............................................................................................................ 94 Table 6-5: Default IPSG settings ................................................................................................................ 96 Table 7-1: Default Remote access filtering settings ................................................................................. 102 Table 7-2: Default Storm control settings ................................................................................................. 102 Table 8-1: L2 ACL data plan ..................................................................................................................... 108 Table 10-1: Default traceroute settings .................................................................................................... 133 Table 10-2: Default aging time settings .................................................................................................... 133 Table 11-1: VDSL2 Profiles ...................................................................................................................... 142 Table 11-2: DSL profile parameters, descriptions and values.................................................................. 143 Table 11-3: Port specific parameters, descriptions and values ................................................................ 145 Table 12-1: List of on-line diagnostic tests ............................................................................................... 165
User guide (CLI)
1
1.1
About this document

Purpose
This document describes command-line interface (CLI) commands you use to view, configure and manage the VDSL2 blade. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection.
1.2
Intended audience
This document is intended for administrators who configure and manage the VDSL2 blade using the command-line interface (CLI).
1.3
Document organization
Table 1-1: Document organization

Chapter Describes
Using the command-line interface User management VLAN configuration
Multicast configuration
User security configuration System security configuration ACL configuration QoS configuration System management configuration
VDSL2 interface configuration Managing alarms diagnostic tests Managing DSL tests and
the Iskratel command line interface (CLI) that you can use to configure the VDSL2 blade. the authentication of locally configured users and users that are configured on the RADIUS server. how to configure VLAN, including all configuration guides are shown as Iskratel MSAN system, consisting of VDSL2 and Ethernet switch blade. how to configure the Internet Group Management Protocol (IGMP) snooping on the VDSL blade, including all its features, like MVR, MPMM, Iskratel Fast leave and others. All the configuration guides are shown as the Iskratel MSAN system, consisting of the VDSL2 and the Ethernet switch blade. how to configure port protection and management port protection on the VDSL2 blade. how to configure remote access filtering on the VDSL2 blade how to configure ACL. All configuration guides are shown as Iskratel MSAN system, consisting of VDSL2 and Ethernet switch blade. how to configure Quality of Service (QoS) mechanisms. how to manage the system configuration.
how to set or obtain the VDSL2 interface configuration. how to configure alarms and diagnostic test programs. how to manage DSL on demand tests (ODOLT) SELT and DELT and DSL online tests (OLT).
User guide (CLI)
1.4
1.4.1
Conventions
Additional text marking
Table 1-2: Conventions for text marking

Sign Text Warning Note Description The sign draws attention to a text that must be read and considered in order to avoid harmful consequences. The sign draws attention to an additional explanation.
1.4.2
Command line interface (CLI)
Table 1-3: Conventions for CLI text formatting

Format bold courier new courier new screen < [ { | [{ }] > ] } Description Elements of the application windows: window and dialog box titles, menus, data fields, buttons, tabs... Command line text in general. Command you must enter in command line interface (CLI). Information that the system displays on the screen. Indicates that you must enter a value in place of the brackets and text inside them. Indicates an optional parameter that you can enter in place of the brackets and text inside them. Indicates that you must select a parameter from the list of choices. Separates the mutually exclusive choices. Indicates a choice within an optional element.
Table 1-4: Conventions for keyboard shortcuts usage in CLI

Format DEL or Backspace Ctrl-A Ctrl-E Ctrl-Z Tab, <SPACE> Exit ? Delete previous character Go to beginning of line Go to end of line Return to root command prompt Command-line completion Go to next lower command prompt List available commands, keywords, or parameters Description
User guide (CLI)
Using the command-line interface
This chapter describes the Iskratel command line interface (CLI) that you can use to configure the VDSL2 blade. CLI is divided into several modes. The commands available depend on which mode you are currently in.
2.1
Modes
The commands are grouped into modes according to the command function. To list commands available in an individual mode, enter a question mark (?) at a system prompt. The command prompt changes in each command mode to help you identify the current mode. The first part of the prompt is adjustable and can be changed (see Changing the system prompt). In this user guide, the system prompt used is EV. Table 2-1 describes the command modes and the prompts visible in that mode. There are present only common modes; additional modes can be added, because of CLI extensibility. Table 2-1: CLI command modes Mode enable mode Prompt EV# Description Allows you to issue any command, and any show commands (with secure functions also), enter the VLAN mode, or enter the configuration mode. Groups general setup commands and permits you to make modifications to the running configuration. Groups all the VLAN commands. Allows you to enable or modify the operation of the interface.
configuration mode VLAN mode insterface mode
EV(Config)#
EV(Vlan)# EV(Interface <interface>)#
Table 2-2 explains how to enter or exit each mode. Table 2-2: CLI command modes: access and exit Mode configuration VLAN interface Access the mode From the enable mode, enter configure. From the enable mode, enter vlan database. From the configuration mode, enter interface <interface> Exit the mode To exit to the enable mode, enter exit, or press Ctrl-Z. To exit to the enable mode, enter exit, or press Ctrl-Z. To exit to the configuration mode, enter exit. To return to the enable mode, enter Ctrl-Z..
2.2
Command syntax
A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values. Some commands, such as show network or clear vlan, do not require parameters. Other commands, such as network parms, require that you supply a value after the command. You must type the parameter values in a specific order, and optional parameters follow required parameters.
User guide (CLI)
The following example describes the network parms command syntax: network parms <ipaddr> <netmask> [gateway] network parms is the command name. <ipaddr> and <netmask> are parameters and represent required values that you must enter after you type the command keywords. [gateway] is an optional parameter, so you are not required to enter a value in place of the parameter.
2.3
Parameter values
Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression System Name with Spaces forces the system to accept the spaces. Empty strings () are not valid user -defined strings. Table 2-3 describes common parameter values and value formatting. Table 2-3: Common parameter values Parameter ipaddr Description This parameter is a valid IP address. You can enter the IP address in the following formats: a (32 bits) a.b (8.24 bits) a.b.c (8.8.16 bits) a.b.c.d (8.8.8.8) In addition to these formats, the CLI accepts decimal, hexadecimal and octal formats through the following input formats (where n is any valid hexadecimal, octal or decimal number): 0xn (CLI assumes hexadecimal format) 0n (CLI assumes octal format with leading zeros) n (CLI assumes decimal format) The MAC address format is six hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. Enter area IDs in dotted-decimal notation (for example, 0.0.0.1). An area ID of 0.0.0.0 is reserved for the backbone. Area IDs have the same format as IP addresses but are distinct from IP addresses. You can use the IP network number of the sub-netted network for the area ID. Enter the value of <routerid> in dotted-decimal notation, such as 0.0.0.1. A router ID of 0.0.0.0 is invalid. Valid slot and port number separated by forward slashes. For example, 0/1 represents slot number 0 and port number 1. Represents a logical slot and port number. This is applicable in the case of a port-channel (LAG). You can use the logical slot/port to configure the portchannel. Use double quotation marks to identify character strings, for example, System Name with Spaces. An empty string () is not valid.
macaddr areaid
routerid Interface or slot/port logical Interface
character strings
2.4
No forms
The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form. In general, use the no form to reverse the action of a command or reset a value back to the default. For example, the no shutdown configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default.
Note:. Only the configuration commands are available in the no form.
User guide (CLI)
2.5
Command completion and abbreviation
Command completion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to complete the word. Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command. You must enter all of the required keywords and parameters before you enter the command
2.6
Help
Enter a question mark (?) at the command prompt to display the commands available in the current mode. (EV)#? help Display help for various special keys. logout Exit this session. Any unsaved changes are lost. ping Send ICMP echo packets to a specified IP address. quit Exit this session. Any unsaved changes are lost. show Display Switch Options and Settings. telnet Telnet to a remote host. Enter a question mark (?) after each word you enter to display available command keywords or parameters. If the help output shows a parameter in angle brackets, you must replace the parameter with a value. (EV)# network parms ? <ipaddr> Enter the IP Address. If there are no additional command keywords or parameters, or if additional parameters are optional, the following message appears in the output: <cr> Press Enter to execute the command You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example: (EV)# show m? mac-addr-table mac-address-table monitor
User guide (CLI)
2.7
Special key combinations
Table 2-4 describes the key combinations you can use to edit commands or increase the speed of command entry. You can access this list from the CLI by entering help from enable mode. Table 2-4: Special key combinations Key sequence DEL or Backspace Ctrl-A Ctrl-E Ctrl-Z Tab, <SPACE> Exit ? Description Delete previous character Go to beginning of line Go to end of line Return to root command prompt Command-line completion Go to next lower command prompt List available commands, keywords, or parameters
2.8
Messages
If you enter a command and the system is unable to execute it, an error message appears. Table 2-5 describes the most common CLI error messages. Table 2-5: CLI error messages Message text % Invalid input detected at '^' marker. Description Indicates that you entered an incorrect or unavailable command. The caret (^) shows where the invalid text is detected. This message also appears if any of the parameters or values are not recognized. Indicates that you did not enter the required keywords or values. Indicates that you did not enter enough letters to uniquely identify the command.
Command not found / Incomplete command. Use ? to list commands. Ambiguous command
2.9
Command logging
This operation enables logging of the CLI commands. It logs all CLI commands issued on the system.
Note: To disable the command logging, use the no form of the command.
To enable command logging: Step 1 2 Mode (EV)# (EV)(Config)# Command configure logging cli-command Purpose Enter configuration mode. Enable CLI command logging.
User guide (CLI)
Example: (EV)# configure (EV)(Config)# logging cli-command (EV)(Config)# exit (EV)# show cli CLI settings: command logging : enabled printout limit : 25
2.10 Changing the printout limit

This operation changes the limit of printout lines on the display. The default setting is 25 lines. To change the printout limit: Step 1 2 Mode (EV)# (EV)(Config)# Command configure cli printout-limit <20-50> Purpose Enter configuration mode. Change the printout limit.
Example: (EV)# configure (EV)(Config)# cli printout-limit 30 (EV)(Config)# exit (EV)# show cli CLI settings: command logging : enabled printout limit : 30 2.10.1 Displaying the CLI settings This operation displays the status of command logging and the printout limit settings. To display CLI settings: Step 1 Mode (EV)# Command show cli Purpose Display CLI settings.
Example: (EV)# show cli CLI settings: command logging : enabled printout limit : 30
User guide (CLI)
2.11 Changing the system prompt

This operation changes the name of the prompt. The prompt can be up to 64 alphanumeric characters long. To change the system prompt: Step Mode 1 (EV)#
Command set prompt <prompt-string>
Purpose Change the system prompt to <prompt-string>.
Example: (EV)# set prompt VDSL (VDSL)#
User management
This chapter describes the user login authentication information. It describes the authentication of locally configured users and users that are configured on the RADIUS server. The chapter consists of the following sections: Understanding Default settings Configuring local users Configuring RADIUS client
3.1
3.1.1
Understanding
Default users
There are two visible user accounts: admin, with Read/Write privileges guest, with Read Only privileges By default, both of these accounts have blank passwords. The names are not case sensitive. There is a third user account, but is not visible - non-configured user. This user is not present in the database and it just denotes the user with no account created on the system. Only users with Read/Write privileges can create or modify user accounts. The admin user account cannot be deleted, nor can its name or authentication list assignment be changed. This user thus always belongs to the defaultList authentication list You can only change the password for this user account. A user name can have a maximum of eight (8) characters. The name in not case sensitive. The valid characters can include dash (-) and underscore (_). A password can have a maximum of eight (8) alpha numeric characters and is case sensitive. 3.1.2 User authentication
The supported authentication methods are: Local the user's locally stored ID and password are used for authentication. RADIUS the user's ID and password are authenticated using the RADIUS server. Reject the user is never authenticated.
User guide (CLI)
3.1.3
Remote authentication dial-in user service (RADIUS)
The user authentication and accounting is an essential component of any Internet access architecture. In order to connect on to the network, the user is required to present security credentials (such as a username and password, or security certificate). Before the access to the network is permitted, security credentials are passed to a Network Access Server (NAS), which resides in the VDSL2 blade, then to a RADIUS server. The latter checks that the information is correct by using the authentication schemes like PAP, CHAP or EAP. If accepted, the RADIUS server will indicate to the NAS, the user is authorized to access the network, otherwise its authorization will be rejected. From the explanation, so far, is evident that the RADIUS server relies on a client-server model, with the PPP termination point as a RADIUS client (NAS), which passes user information to a designated RADIUS server, and then acts on the response. By means of RADIUS protocol, the RADIUS server may supply the NAS with additional parameters such as: The specific address to be assigned to the user, The address pool from which the user's IP should be chosen, The maximum length that the user may remain connected, An access list, priority queue or other restrictions on a user's access and L2TP parameters. The RADIUS protocol does not transmit passwords in cleartext between the NAS and RADIUS server (not even with PAP protocol). This transmission is made in the hidden form, using rather complex operation instead, which involves MD5 hashing and shared secret. The RADIUS protocol allows the vendor to add extensions to the basic protocol in order to meet its needs. For example, the L2TP parameters are optional. The accounting component is not supported.
3.2
Default settings
Table 3-1: Default RADIUS settings Feature UDP port number for RADIUS server Current RADIUS server IP Address Number of configured RADIUS servers Number of retransmits when no response is received from RADIUS server Timeout duration Default Settings 1812 N/A 0 2 10
3.3
3.3.1
Configuring local users

Adding a user
This operation adds a new user account. The account <username> can be up to eight characters long. You can use alphanumeric characters and two special characters, dash ( -) and underscore (_).The user name is case sensitive The newly added user will have read-only access.
Note: To delete the user account, use the no form of the command. Note that admin user account cannot be deleted.
10
User guide (CLI)
To add a new user account: Step 1 2 Mode (EV) # (EV)(Config) # Command configure users name <username> Purpose Enter configuration mode. Create a <username> user account.
Example: (EV)# configure (EV)(Config)# users name guest1 (EV)(Config)# exit (EV)# show users
User Name ---------admin guest1 3.3.2
User Access Mode ---------------Read/Write Read Only
Setting the user password
When you add a new user account, the password for the account is blank (no password). This operation enables you to set or change the password for a user account. A password can have a maximum of eight (8) alphanumeric characters. The password is case sensitive. When you change a password, you will be asked to provide the old password. If a password was blank, just ENTER.
Note: To set the password to blank (no password), use the no form of the command.
To set the user password: Step 1 2 Mode (EV) # (EV)(Config) # Command configure users passwd <username> Purpose Enter configuration mode. Create a <new_name> profile with parameter values adopted from the default profile. Use the option from <profile_name>, to create a profile with values adopted from the specified profile.
Example: (EV)# configure (EV)(Config)# users passwd guest1 Enter old password: Enter new password: ****** Confirm new password: ******
User guide (CLI)
11
Password was changed! (EV)(Config)# 3.3.3 Creating an authentication list
Use this command to create an authentication login list. The <listname> is any character string and is not case sensitive. Up to 10 authentication login lists can be configured. When the optional parameters <Method1>, <Method2> and/or <Method3> are used, an ordered list of methods are set in the authentication login list. If the authentication login list does not exist, a new authentication login list is first created and then the authentication methods are set in the authentication login list. The possible method values are: local, radius and reject. The value of local indicates that the users locally stored ID and password are used for authentication. The va lue of radius indicates that the users ID and password will be authenticated using the RADIUS server. The value of reject indicates the user is never authenticated. To authenticate a user, the first authentication method in the users login (authentication login list) is attempted. The software does not utilize multiple entries in the users login. If the first entry returns a timeout, the user authentication attempt fails.
Note: The default login list (defaultList) included with the default configuration cannot be changed. To create an authentication list: Step 1 2 Mode (EV) # (EV)(Config) # Command configure authentication login <listname> <method1> <method2> <method3> Purpose Enter configuration mode. Create an authentication list <listname> and define the authentication methods.
Example: (EV)# configure (EV)(Config)# authentication login newlist local radius reject (EV)(Config)# exit (EV)# show authentication
Authentication Login List ------------------------defaultList 3.3.4
Method 1 --------local
Method 2 --------undefined
Method 3 --------undefined
Assigning an authentication login list to a user
This operation assigns the specified authentication login list to the specified user for system login. If the user is assigned a login list that requires remote authentication, access to the interface from all CLI (and telnet) sessions will be blocked until the authentication is complete.
Note: The login list associated with the admin user cannot be changed to prevent accidental lockout from the blade.
12
User guide (CLI)
To assign an authentication login list to a user: Step 1 2 Mode (EV) # (EV)(Config) # Command configure users login <username> <listname> Purpose Enter configuration mode. Assign a <listname> to the <username> user.
Example: (EV)# configure (EV)(Config)# users login guest defaultList (EV)(Config)# exit (EV)# show users authentication User Name Authentication Login Lists --------- -------------------------admin defaultList guest defaultList default defaultList
(EV)# show authentication users defaultList User Name ---------admin guest default 3.3.5 Assigning the authentication list for non-configured users
This operation assigns the authentication login list to use for non-configured users when these attempt to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only To assign the authentication list for non-configured users: Step 1 2 Mode (EV) # (EV)(Config) # Command configure users defaultlogin <listname> Purpose Enter configuration mode. Create a <listname> user login list.
Example: (EV)# configure (EV)(Config)# users defaultlogin newlist
User guide (CLI)
13
3.4
3.4.1
Configuring RADIUS client

Configuring the RADIUS servers
The Network Access Server (NAS), in the VDSL2 blade, may be connected up to three authentication RADIUS servers. The configuration of RADIUS servers will be explained in the network having two RADIUS servers, as depicted in the figure below.
Primary RADIUS server 10.2.10.5
Internet
Secondary RADIUS server 11.2.11.5
Router
PC
VDSL2 blade
RADIUS Client Network Access Server (NAS)
Figure 3-1: An example of network with two RADIUS servers When the user attempts to login in, NAS prompts for a username and password. The NAS then attempts to communicate with the primary RADIUS server. Upon successful connection with the RADIUS server, the login credentials are exchanged over an encrypted channel. The primary server grants or denies access of user to the network. This decision is, of course, respected by NAS. If neither of the two RADIUS servers can be contacted, the NAS searches its local user database for the user.
14
User guide (CLI)
To configure primary and secondary RADIUS servers: Step 1 2 Mode (EV) # (EV)(Config) # Command configure radius server host auth <ipaddr_primary> <ipport> Purpose Enter configuration mode. Set IP address and port number of primary RADIUS server. If the optional <ipport> parameter is used, then this command configures the UDP port number, when the connection to the configured RADIUS server is established.The value of <ipport> parameter must lie between 1-65535. 1812 is the default value. Set shared secret key used to connect to the primary RADIUS server.The IP address <ipaddr_primary> must match the IP address in the command radius server host auth. When the shared secret key command is executed, the user will be asked to enter the secret. The latter must be an alphanumeric string, which does not exceed sixteen characters. Set the number of times a request packet is retransmitted, when no response is received from RADIUS server. Set the number of seconds to wait before retransmit request packet. Set IP address and port number of secondary RADIUS server Set shared secret key used to connect to the secondary RADIUS server. Set the primary RADIUS server. Only one server can be configured as the primary. If the primary server is already configured, prior the execution of this command, the RADIUS server specified by the IP address will become the new primary server. The IP address must match the IP address in the command radius server host auth.
(EV)(Config) #
radius server key auth <ipaddr_primary>
(EV)(Config) #
radius server retransmit <retries_count>
(EV)(Config) #
radius server timeout <seconds> radius server host auth <ipaddr_secondary> <ipport> radius server key auth <ipaddr_secondary > radius server primary <ipaddr_primary>
6 7
(EV)(Config) # (EV)(Config) #
(EV)(Config) #
User guide (CLI)
15
Example: (EV)# configure (EV)(Config)# radius server host auth 10.2.10.7 1512 (EV)(Config)# radius server key auth 10.2.0.7 Enter secret: ***** Re-enter secret: ***** (EV)(Config)# radius server retransmit 7 (EV)(Config)# radius server timeout 13 (EV)(Config)# radius server host auth 11.2.11.7 1517 (EV)(Config)# radius server key auth 11.2.1.7 Enter secret: ***** Re-enter secret: ***** (EV)(Config)# radius server primary 10.2.10.7 3.4.2 Displaying the RADIUS client and the RADIUS server settings
To display RADIUS client settings: Step 1 Mode (EV)# Command show radius [servers] Purpose Display the various RADIUS configurations for VDSL2 blade as well as for the RADIUS servers.
Example: (EV)# show radius Current Server IP Address10.2.10.7 Number of Configured Servers0 Number of Retransmits5 Timeout Duration10 3.4.3 Clearing the RADIUS statistics
To clear RADIUS statistics: Step 1 Mode (EV)# Command clear radius statistics Purpose Clear all RADIUS statistics.
Example: (EV)# clear radius statistics
16
User guide (CLI)
3.4.4
Displaying the RADIUS server statistics
To display RADIUS server statistics: Step 1 Mode (EV)# Command show radius statistics <[ipaddr]> Purpose Display the statistics of RADIUS configured server. The IP address in this command must be equal to the IP address used in the command radius server host auth.
Example: (EV)# show radius statistics 10.2.10.7
VLAN configuration
This chapter describes how to configure VLAN, Q in Q and selective Q in Q, including best practice examples. All configuration guides are shown as the Iskratel MSAN system, consisting of a VDSL2 and an Ethernet switch blade. The chapter consists of the following sections: Understanding Default settings Configuring VLAN Configuring Q in Q Configuring selective Q in Q
4.1
4.1.1
Understanding
VLAN
ANSI/IEEE 802.1Q standard describes VLAN (Virtual LAN) technology based on tagged Ethernet frames. It means that information belonging to a VLAN is contained in a special tag, which is inserted into Ethernet header. Once generated, VLAN information is part of the Ethernet frame, and can stay with a packet until it reaches the destination. This solution could be more flexible than a port-based VLAN, where each port is fixed to a VLAN. Note: For the best result all endpoints of the network and all other network devices should support this technology, otherwise it will be the same as a port-based VLAN.
User guide (CLI)
17
4.1.2
Q-in-Q
The Q-in-Q function inserts an additional Q-tag into the customer Ethernet frames at the ingress port. The S-VLAN tag is added after the Ethernet Source MAC address. The S-VLAN tag includes a Service VLAN ID (S-VLAN ID) supporting up to 4096 service instances. The three bit S-VLAN CoS field provides up to eight classes of service for each S-VLAN ID. The Service EtherType (S-Ethertype) often uses a value other than 88a8h, indicating that this SVLAN tag is not a standard IEEE 802.1Q VLAN tag. The S-CFI is also set to zero for Ethernet. The S-VLAN tag is used to identify the service. The subscribers VLAN tag (C-VLAN tag) remains intact and is not altered by the service provider anywhere within the providers network. Note: Some devices do not support Q in Q and can discard some protocol frames (STP, IGMP, etc.).
Note: Q in Q increases the frame size. Devices need to support large MTU.
4.1.3
Selective Q-in-Q
Selective Q-in-Q is a function that sets the outer VLAN tag based on the inner VLAN tag. Note: Some devices do not support Q in Q and can discard some protocol frames (STP, IGMP, etc.). Note: Q in Q increases the frame size. Devices need to support large MTU.
When using selective Q in Q, an outer VLAN tag (S-VLAN) is assigned based on the inner VLAN tag (CVLAN). When no translation for inner VLAN is found in the table, the outer VLAN (S-VLAN) value is based on PVID. This function is set per port. Each port has its own translation table. The translation table is configurable. The table is empty by default. Table 4-1: Example of selective Q-in-Q assign table VLAN inner tag (C-VLAN ID) 11 12 13 VLAN outer tag (S-VLAN ID) 20 30 none Outer tag priority (S-VLAN CoS) 1 7 none
4.2
4.2.1
Default settings
VLAN
Table 4-2: Default VLAN settings Feature PVID VLAN participation include No VLAN tagging Default Setting 1 1 1
18
User guide (CLI)
4.2.2
Q in Q
Table 4-3: Default Q in Q settings Feature Q in Q 4.2.3 Selective Q in Q Default Setting Disabled
Table 4-4: Default selective Q-in-Q settings Feature Selective Q in Q Default Setting Disabled
4.3
4.3.1
Configuring VLAN
Configuring user ports as VLAN access
This example shows how to add a user port to a VLAN. Note: This feature is called an access port by Cisco.
By default, VLAN ID 1 is (globally) enabled. PVID is set to 1 on all ports. 4.3.1.1 Prerequisites
802.1q enabled host (Linux) with two VLAN interfaces configured (eth0.10 and eth0.20)
User guide (CLI)
19
4.3.1.2
Network diagram
Figure 4-1 shows a sample network for VLAN and points where appropriate network features will be configured.
802.1 q enabled host
SI 3000 MSAN
b.
0/1
Ethernet switch
b. b. 1/1
1/1
VDSL2 blade
a. a.
0/2 Modem
a. b. Client (access) port trunk port VLAN10 VLAN20 User1
0/3
User2
Figure 4-1: Sample network topology for VLAN tests (access) 4.3.1.3 Data plan
Table 4-5: VLAN data plan Item 802.1Q enabled host User1 User2 Ethernet switch Data Eth0.10 IP address: 192.168.10.254/24 Eth0.20 IP address: 192.168.20.254/24 IP address: 192.168.10.1/24 IP address: 192.168.20.1/24 Uplink port: 0/1 Uplink port VLAN ID: 10, 20 Client port: 1/1 Client port VLAN ID: 10, 20 Uplink port: 1/1 Uplink port VLAN ID: 10, 20 Client port: 0/2, 0/3 0/2 VLAN: 10 untagged, PVID 10 0/3 VLAN: 20 untagged, PVID 20
VDSL2 blade
20
User guide (CLI)
4.3.1.3.1
Configuring the Ethernet switch blade
This example shows how to configure an Ethernet switch blade as shown in Figure 4-1. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 10 vlan 20 exit configure interface 0/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Ports 0/1 and 1/1 are configured as trunk, and pass Ethernet frames with VID 10 and VID 20. 4.3.1.3.2 Configuring the VDSL2 blade
This example shows how to configure a VDSL2 blade as shown in Figure 4-1. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) (Interface 0/3)# (EV) (Interface 0/3)# (EV) (Interface 0/3)# Command vlan database vlan 10 vlan 20 exit configure interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 0/2 vlan participation include 10 no vlan tagging 10 vlan pvid 10 exit interface 0/3 vlan participation include 20 no vlan tagging 20 vlan pvid 20 Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Set PVID 10 on interface Exit interface 0/2 Enter interface 0/3 Add VLAN 20 on interface Set tagging rules on interface Set PVID 20 on interface
User guide (CLI)
21
21 22 23
(EV) (Interface 0/3)# (EV) (Config)# (EV) #
exit exit save config
Exit interface 0/3 Exit configuration mode Save configuration
Result: Ports 0/2 and 0/3 are configured as access ports. Port 0/2 assigns all untagged frames (ingress) to VLAN 10. Frames exiting (egress) port 0/2 are untagged. Port 0/3 is assigning all untagged frames (ingress) to VLAN 20. Frames exiting (egress) port 0/2 are untagged. Port 1/1 is configured as trunk and passes all frames belonging to VLAN 10 and 20. All frames exiting and entering port 1/1 are tagged. Client1 is able to ping the IP address on eth0.10 (192.168.10.254) of an 802.1q enabled client. Client2 is able to ping the IP address on eth0.20 (192.168.20.254) of an 802.1q enabled client. 4.3.1.3.3 Displaying VDSL2 VLAN information
Iskratel switching#show vlan brief VLAN ID VLAN Type ------- --------1 Default 10 Default 20 Default
Iskratel switching#show vlan 10 VLAN ID: 10 VLAN Name: VLAN Type: Default Interface Current Configured ------------------ ---------0/1 Exclude Exclude 0/2 Include Include 0/3 Exclude Exclude 1/1 Include Include
Tagging -------Untagged Untagged Untagged Tagged
Iskratel switching#show vlan 20 VLAN ID: 20 VLAN Name: VLAN Type: Default Interface Current Configured ------------------ ---------0/1 Exclude Exclude 0/2 Exclude Exclude 0/3 Include Include 1/1 Include Include
Tagging -------Untagged Untagged Untagged Tagged
Iskratel switching#show vlan port all
22
User guide (CLI)
Interface --------0/1 0/2 0/3 1/1 4.3.2
Port VLAN ID ------1 10 20 1
Acceptable Frame Types -----------Admit All Admit All Admit All Admit All
Ingress Filtering ----------Disable Disable Enable Disable
Default GVRP Priority ------- -------Disable 0 Disable 0 Disable 0 Disable 0
Configuring user ports as VLAN trunk
This example shows how to add a user port to multiple VLANs.
Note: This is called a trunk port by Cisco.
802.1q enabled host (Linux) with two VLAN interfaces configured (eth0.10 and eth0.20) Modem supports VLAN, and has VLAN 10 and 20 enabled. One computer is put in VLAN 10 (service1), and the other in VLAN 20 (service2).
User guide (CLI)
23
4.3.2.2
Network diagram
Figure 4-2 shows a sample network for VLAN and points where appropriate network features will be configured.
802.1 q enabled host
SI 3000 MSAN
b.
0/1
Ethernet switch
b. b. 1/1
1/1
VDSL2 blade
b.
0/2 Modem
a. b. Client (access) port trunk port VLAN10 VLAN20 service1 service2 a. a.
Figure 4-2: Sample network topology for VLAN tests (trunk)
24
User guide (CLI)
4.3.2.3
Data plan
Table 4-6: VLAN data plan Item 802.1Q enabled host Service1 Service2 Ethernet switch Data Eth0.10 IP address: 192.168.10.254/24 Eth0.20 IP address: 192.168.20.254/24 IP address: 192.168.10.1/24 IP address: 192.168.20.1/24 Uplink port: 0/1 Uplink port VLAN ID: 10, 20 Client port: 1/1 Client port VLAN ID: 10, 20 Uplink port: 1/1 Uplink port VLAN ID: 10, 20 Client port: 0/2 0/2 VLAN: 10 tagged, 20 tagged
VDSL2 blade
4.3.2.3.1
This example shows how to configure the Ethernet switch blade as shown in Figure 4-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 10 vlan 20 exit configure interface 0/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Ports 0/1 and 1/1 are configured as trunk, and pass Ethernet frames with VID 10 and VID 20.
User guide (CLI)
25
4.3.2.3.2
Configuring the VDSL2 blade
This example shows how to configure the VDSL2 blade as shown in Figure 4-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) # Command vlan database vlan 10 vlan 20 exit configure interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 0/2 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 0/2 Exit configuration mode Save configuration
Result: Port 0/2 is configured as trunk, and passes all frames belonging to VLAN 10 and 20. All frames exiting and entering port 1/1 are tagged. Port 1/1 is configured as trunk, and passes all frames belonging to VLAN 10 and 20. All frames exiting and entering port 1/1 are tagged. Service1 is able to ping IP address on eth0.10 (192.168.10.254) of an 802.1q enabled client. Service2 is able to ping IP address on eth0.20 (192.168.20.254) of an 802.1q enabled client. 4.3.2.3.3 Displaying VDSL2 VLAN information
Iskratel switching#show vlan brief VLAN ID VLAN Type ------- --------1 Default 10 Default 20 Default
Iskratel switching#show vlan 10 VLAN ID: 10 VLAN Name: VLAN Type: Default Interface Current Configured ------------------ ---------0/1 Exclude Exclude
Tagging -------Untagged
26
Include Exclude Include Include Exclude Include Tagged Untagged Tagged
User guide (CLI)
0/2 0/3 1/1
Iskratel switching#show vlan 20 VLAN ID: 20 VLAN Name: VLAN Type: Default Interface Current Configured ------------------ ---------0/1 Exclude Exclude 0/2 Include Include 0/3 Exclude Exclude 1/1 Include Include
Tagging -------Untagged Tagged Untagged Tagged
4.4
4.4.1
Configuring Q-in-Q
Configuring user ports as tunnel ports
This example shows how to set a user port as a tunnel port. Note: This is called VLAN tunneling.
MAN equipment supports Q in Q. Modem must support VLAN.
User guide (CLI)
27
4.4.1.2
Network diagram
Figure 4-3 shows a sample network for VLAN and points where appropriate network features will be configured. Two branches of the same company are connected through MAN (Metropolitan Area Network).
MAN Inner VLAN10 Outer VLAN20

SI 3000 MSAN b.
Inner VLAN10 Outer VLAN20

SI 3000 MSAN b.
0/1 Ethernet switch
0/1
Ethernet switch
b. b. 1/1
1/1
b.
b. 1/1
1/1
VDSL2 blade
a.
VDSL2 blade
a.
0/2 Modem
a. b. Vlan tunneling port trunk port VLAN10 VLAN20 Branch West of enterprise
0/2 Modem
User VLAN10
User VLAN10
Branch East of enterprise
Figure 4-3: Sample network topology for Q-in-Q tunneling tests Note: All traffic going to a tunneling port in the ingress direction receives an additional outer VLAN tag. The outer VLAN tag is stripped from all traffic exiting the tunneling port (egress).
28
User guide (CLI)
4.4.1.3
Data plan
Table 4-7: VLAN data plan Item Branch West Branch East Outer VLAN ID Inner VLAN ID Ethernet switch Data IP address: 192.168.10.1/24 IP address: 192.168.10.2/24 20 10 Uplink port: 0/1 Uplink port VLAN ID: 20 tagged Client port: 1/1 Client port VLAN ID: 20 tagged Uplink port: 1/1 Uplink port VLAN ID: 20 tagged Client port: 0/2 0/2 VLAN: 10 tagged
VDSL2 blade
4.4.1.3.1
This example shows how to configure the Ethernet switch blade as shown in Figure 4-3. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 10 vlan 20 exit configure interface 0/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Ports 0/1 and 1/1 are configured as trunk and are passing through Ethernet frames with VID 20. Note: To keep VLAN priority assigned to the outer frame, the Ethernet switch must trust dot1p. To do this, use the classofservice trust dot1p command in the appropriate interface (1/1).
User guide (CLI)
29
4.4.1.3.2
This example shows how to configure a VDSL2 blade as shown in Figure 4-3. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) # Command vlan database vlan 10 vlan 20 exit configure interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 0/2 vlan pvid 20 vlan priority 2 mode dvlan-tunnel vlan participation include 10 vlan tagging 10 vlan participation include 20 no vlan tagging 20 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface Enter interface Set outer VLAN tag Set outer VLAN priority Set interface as tunnel Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface Exit configuration mode Save configuration
Result: Port 0/2 is configured as tunnel, and passes all frames belonging to VLAN 10. The VLAN 20 outer tag is added to frames entering port 0/2. All frames exiting and entering port 1/1 are double tagged. Port 1/1 is configured as trunk, and passes all frames belonging to 20. All frames exiting and entering port 1/1 are double tagged. Branch West is able to ping Branch East. 4.4.1.3.3 Displaying VDSL2 VLAN information
Iskratel switching#show dvlan-tunnel DVLAN Tunnel Ethertype .................. 802.1q Interfaces Enabled for DVLAN Tunneling... 0/2 Iskratel switching#show dvlan-tunnel interface 0/2 Dvlan-tunnel Vlan-stacking Vlan-stacking Interface Mode EtherType inner VLAN ID priority --------- ------------ -------- ------------- ------------0/2 Enabled 802.1q none none Selective dvlan-tunnel for Interface:
30
User guide (CLI)
Inner Outer VLAN ID VLAN ID Priority ------- ------- -------Iskratel switching#show vlan port all Port Acceptable Default Interface VLAN ID Frame Types Priority --------- ------- ----------- -------0/1 1 Admit All 0 0/2 20 Admit All 2 0/3 1 Admit All 0
4.4.2
Configuring user ports as stacking ports
This example shows how to set a user port as a stacking port. Note: This is called VLAN stacking. It is used in the VLAN per user architecture.
MAN equipment supports Q in Q.
User guide (CLI)
31
4.4.2.2
etwork diagram
Figure 4-4 shows a sample network for VLAN and points where appropriate network features will be configured. Two branches of the same company are connected through MAN (Metropolitan Area Network).
MAN Inner VLAN10 Outer VLAN20

SI 3000 MSAN b.

SI 3000 MSAN b.
0/1 Ethernet switch
0/1
Ethernet switch 1/1 b. 1/1 VDSL2 blade

a. b.
b.
b. 1/1
1/1
VDSL2 blade
a.
0/2 Modem
a. b. Vlan stacking port trunk port VLAN10 VLAN20 Branch West of enterprise
0/2 Modem
Branch East of enterprise
Figure 4-4: Sample network topology for Q-in-Q stacking tests Note: A double VLAN tag is added on the stacking port in the ingress direction. All VLAN tags are removed in the egress direction.
32
User guide (CLI)
4.4.2.3
Data plan
Table 4-8: VLAN data plan Item Branch West Branch East Outer VLAN ID Inner VLAN ID Ethernet switch Data IP address: 192.168.10.1/24 IP address: 192.168.10.2/24 20 10 Uplink port: 0/1 Uplink port VLAN ID: 20 tagged Client port: 1/1 Client port VLAN ID: 20 tagged Uplink port: 1/1 Uplink port VLAN ID: 20 tagged Client port: 0/2 0/2 VLAN: untagged
VDSL2 blade
4.4.2.3.1
This example shows how to configure an Ethernet switch blade as shown in Figure 4-4. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 10 vlan 20 exit configure interface 0/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 1/1 vlan participation include 10 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Ports 0/1 and 1/1 are configured as trunk, and pass Ethernet frames with VID 20.
User guide (CLI)
33
4.4.2.3.2
This example shows how to configure a VDSL2 blade as shown in Figure 4-4. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) # Command vlan database vlan 10 vlan 20 exit configure interface 1/1 vlan tagging 10 vlan participation include 20 vlan tagging 20 exit interface 0/2 vlan pvid 20 vlan priority 2 mode dvlan-tunnel vlan participation include 10 no vlan tagging 10 vlan participation include 20 no vlan tagging 20 dvlan-tunnel vlan-stacking inner-vlan 10 priority 1 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 1/1 Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface Enter interface Set outer VLAN tag Set outer VLAN priority Set interface as tunnel Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Set inner VLAN parameters Exit interface Exit configuration mode Save configuration
Result: Port 0/2 is configured as stacking, and passes all frames untagged. VLAN 20 outer tag and VLAN 10 inner tag is added to frames entering (ingress) port 0/2. Frames exiting port 0/2 (egress) are untagged. All frames exiting and entering port 1/1 are double tagged. Port 1/1 is configured as trunk, and passes all frames belonging to 20. All frames exiting and entering port 1/1 are double tagged. Branch West is able to ping Branch East. 4.4.2.3.3 Displaying VDSL2 VLAN information
Iskratel switching#show dvlan-tunnel DVLAN Tunnel Ethertype .................. 802.1q Interfaces Enabled for DVLAN Tunneling... 0/2 Iskratel switching#show dvlan-tunnel interface 0/2 Dvlan-tunnel Vlan-stacking Vlan-stacking Interface Mode EtherType inner VLAN ID priority --------- ------------ --------- ------------- ------------0/2 Enabled 802.1q 10 1
34
User guide (CLI)
Selective dvlan-tunnel for Interface: Inner Outer VLAN ID VLAN ID Priority ------- ------- -------Iskratel switching#show vlan port 0/2 Port Acceptable Default Interface VLAN ID Frame Types Priority --------- ------- ----------- -------0/2 20 Admit All 2
4.5
4.5.1
Configuring selective Q in Q
Configuring user ports as selective Q-in-Q ports
This example shows how to set an EV blade to send two different S-VLAN tags. Note: This is called selective Q in Q.
Service1 and Service2 support double VLAN tagging. An L2/L3 switch does not have routing enabled. Modem supports and has VLAN 11 and VLAN 12 configured.
User guide (CLI)
35
4.5.1.2
Network diagram
Figure 4-5 shows a sample network for VLAN, and points where appropriate network features will be configured. Client1 connects to Service1, and Client2 connects to Service2.
Service1
Service 2
SI 3000 MSAN
b.
0/1
Ethernet switch
b. b. 1/1
1/1
VDSL2 blade
a.
0/2 Modem
a. b. Vlan tunneling port trunk port VLAN10 VLAN20 User1 User2
User VLAN12 User VLAN11
Figure 4-5: Sample network topology for selective Q-in-Q tests Note: All traffic going to a tunneling port in the ingress direction receives an additional outer VLAN tag. This tag is based on the inner VLAN tag.
36
User guide (CLI)
4.5.1.3
Data plan
Table 4-9: VLAN data plan Item Clent1 Client2 Service1 Service2 Outer VLAN ID Client1 Inner VLAN ID Client1 Outer VLAN ID Client2 Inner VLAN ID Client2 Ethernet switch Data IP address: 192.168.10.1/24 IP address: 192.168.20.1/24 IP address: 192.168.10.2/24 IP address: 192.168.20.2/24 20 11 30 12 Uplink port: 0/1 Uplink port VLAN ID: 20 tagged, 30 tagged Client port: 1/1 Client port VLAN ID: 20 tagged, 30 tagged Uplink port: 1/1 Uplink port VLAN ID: 20 tagged, 30 tagged Client port: 0/2 0/2 VLAN: 11 tagged, 12 tagged
VDSL2 blade
4.5.1.3.1
This example shows how to configure an Ethernet switch blade as shown in Figure 4-5. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 20 vlan 30 Exit Configure interface 0/1 vlan participation include 20 vlan tagging 30 vlan participation include 20 vlan tagging 30 Exit interface 1/1 vlan participation include 20 vlan tagging 20 vlan participation include 30 vlan tagging 30 exit exit save config Purpose Enter VLAN database Add VLAN 10 Add VLAN 20 Exit VLAN database Enter configuration mode Enter interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Ports 0/1 and 1/1 are configured as trunk, and pass Ethernet frames with VID 20 and VID 30.
User guide (CLI)
37
4.5.1.3.2
This example shows how to configure a VDSL2 blade as shown in Figure 4-5. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) # Command vlan database vlan 11 vlan 12 vlan 20 vlan 30 exit configure vlan participation include 20 vlan tagging 20 vlan participation include 30 vlan tagging 30 exit interface 0/2 mode dvlan-tunnel vlan participation include 11 vlan tagging 11 vlan participation include 12 vlan tagging 12 vlan participation include 20 no vlan tagging 20 vlan participation include 30 no vlan tagging 30 dvlan-tunnel inner-vlan 11 outer-vlan 20 priority 2 dvlan-tunnel inner-vlan 12 outer-vlan 30 priority 3 exit exit save config Purpose Enter VLAN database Add VLAN 11 Add VLAN 12 Add VLAN 20 Add VLAN 30 Exit VLAN database Enter configuration mode Add VLAN 20 on interface Set tagging rules on interface Add VLAN 30 on interface Set tagging rules on interface Exit interface Enter interface Set interface as tunnel Add VLAN 11 on interface Set tagging rules on interface Add VLAN 12 on interface Set tagging rules on interface Add VLAN 20 on interface Set tagging rules on interface Add VLAN 30 on interface Set tagging rules on interface Set selective Q-in-Q rules Set selective Q-in-Q rules Exit interface Exit configuration mode Save configuration
Result: Client1 can access Service2, and Client2 can access Service2. Displaying VDSL2 VLAN information. 4.5.1.3.3 Displaying VDSL2 VLAN information
Iskratel switching#show dvlan-tunnel interface 0/2 Dvlan-tunnel Vlan-stacking Vlan-stacking Interface Mode EtherType inner VLAN ID priority --------- ------------ --------- ------------- ------------0/2 Enabled 802.1q none none Selective dvlan-tunnel for Interface: Inner Outer VLAN ID VLAN ID Priority
38
User guide (CLI)
------- ------- -------11 20 2 12 30 3
Multicast configuration
This chapter describes how to configure the Internet Group Management Protocol (IGMP) snooping on the VDSL blade, including all its features, like MVR, MPMM, Iskratel Fast leave and others. All the configuration guides are shown as the Iskratel MSAN system, consisting of the VDSL2 and the Ethernet switch blade. This chapter consists of the following sections: Understanding IGMP snooping Default settings Best-practice examples of: IGMP v2 snooping IGMP enhanced fast leave IGMP snooping with suppression IGMP multicast VLAN registration (MVR) IGMP multicast VLAN registration for provider edge bridges (MVR-PEB) IGMP call-admission control (CAC) Multicast group access lists (MACL) Standalone IGMP querier IGMP filtering
5.1
Understanding
The VDSL2 blade can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring the Layer 2 interfaces so that multicast traffic is forwarded only to those interfaces associated with multicast devices. As the name implies, IGMP snooping requires the VDSL2 blade to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the VDSL2 blade receives an IGMP report from a host for a particular multicast group, the VDSL2 blade adds the hosts port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients. Note: For more information on IP multicast and IGMP, see RFC 1112 and RFC 2236.
The multicast router sends out periodic, general IGMP queries to all multicast-enabled VLANs. All the hosts interested in multicast traffic send membership requests and are added or re-timed in/to the multicast forwarding table entry. The VDSL2 blade creates one entry per VLAN in the IGMP snooping multicast forwarding table for each group from which it receives an IGMP join request. Warning: If a port spanning-tree, a port group, or a VLAN ID change occurs, the IGMP snooping-learned multicast groups from this port on the VLAN are deleted.
User guide (CLI)
39
5.1.1
IGMP versions
The VDSL2 blade supports IGMP version 2 and IGMP version 3. These versions are not interoperable on the blade or MSAN. For example, if IGMP snooping is enabled on IGMPv2 and the VDSL2 blade receives an IGMPv3 report from a host, the node will drop the demand. Note: Up to 128 simultaneous multicast groups are supported on the VDSL2 blade.
5.2
Default settings
Table 5-1: Default IGMP snooping settings Feature IGMP snooping Multicast router ports IGMP snooping fast leave for multiple clients Static groups IGMP report suppression MVR/MPMM/MPMM-PEB Standalone IGMP querier IGMP forking Default setting Disabled None configured Enabled on subscriber ports None configured Disabled Disabled Disabled Disabled
5.3
Configuring IGMP v2 snooping
This example shows how to use IGMP snooping within multicast distribution. IGMP snooping is the process of listening to IGMP traffic. IGMP snooping is a feature that allows layer 2 equipment to "listen in" on the IGMP conversation between hosts and routers by processing the layer 3 IGMP packets sent in a multicast network. By default, IGMP snooping is globally disabled on the VDSL2 blade. Supported modes on the blades are: Snooping Discarding (default) Flooding IGMP snooping is enabled/disabled on a per-VLAN basis. By default it is disabled on all VLANs. Note: Up to xx VLANs can be supported for multicast distribution.
5.3.1
Prerequisites
In the network there exists a multicast source with a known IP address The configuration is a default, the line profiles are at default values The used IGMP version is 2 Multicast traffic for the user side is received on the VDSL2 blade with a VLAN tag (VLAN-ID 5)
40
User guide (CLI)
5.3.2
Network datagram
Figure 5-1 shows a sample network for IGMP snooping, and the points where proper network features will be configured.
Multicast source Service provider A
Internet
Router
Ethernet switch
b.
1/1 0/1
VDSL2 blade
a. a.
1/2 Modem
a. IGMP clients port b. IGMP mrouter port (dynamically set)
1/3
STB TV
User1 User2
Figure 5-1: Sample network topology for IGMP snooping tests
IGMP membership & leave sent
SI3000 MSAN
Multicast path
0/1
User guide (CLI)
41
5.3.3
Data plan
Table 5-2: IGMP snooping data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. xDSL port 1/2 and 1/3 Multicast VLAN: 5, named as Video Multicast security mechanisms: none IP address in the same network segment as the upper router
Router Users
STB 5.3.3.1
This example shows how to configure the Ethernet switch blade to pass multicast traffic, as shown in Figure 5-1. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Multicast traffic in VLAN 5 can now pass the Ethernet switch blade, so the next thing to do is to configure the VDSL2 blade.
42
User guide (CLI)
5.3.3.2
This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5 and include two multicast clients, as shown in Figure 5-1. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit interface 1/3 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Enter interface 1/3 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/3 Exit configuration mode Save configuration
Result: User1 & user2 can watch programs in the range of 239.1.1.1 to 239.1.1.10 at VLAN5. When user1 and user2 are watching the same IGMP group (like 239.1.1.1) and one of them leaves this group (in this test user1), user2 will not suffer a loss of picture. From the network perspective one multicast group (as 239.1.1.1) is only once switched to the VDSL2 blades and then the IGMP snooping process forwards the stream to multiple clients.
5.4
Configuring IGMP enhanced fast leave
This example shows how to use Iskratel IGMP enhanced fast leave within multicast distribution. The IGMP enhanced fast leave feature provides quick removal of unwanted multicast groups on subscriber ports. Quick time is crucial on low-speed dsl ports where bandwidth is an issue. With enhancement it is possible to use the fast leave feature even on dsl ports where many TV subscribers are present. By default, IGMP enhanced fast leave is enabled on all subscriber ports.
User guide (CLI)
43
5.4.1
Prerequisites
In the network there exists a multicast source with a known IP address The configuration is a default, the line profiles are at default values Used IGMP version is 2 The multicast traffic for the user side is received on the VDSL2 blade with a VLAN tag (VLAN-ID 5) 5.4.2 Network datagram
Figure 5-2 shows a sample network of enhanced fast leave and the points where the network features will be configured.
Internet
Router
Ethernet switch
b.
1/1 0/1
VDSL2 blade
a.
1/2
Modem
a. IGMP client (enhanced fast leave) port b. IGMP mrouter port (dynamically or statically set)
STB TV
User1 User2
Figure 5-2: Sample network topology for IGMP enhanced fast leave tests
SI3000 MSAN
Multicast path
0/1
44
User guide (CLI)
5.4.3
Data plan
Table 5-3: Enhanced fast leave data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. Dsl port: 1/2 Multicast VLAN: 5, named as Video Multicast security mechanisms: none IP address in same network segment as upper router
Router Users
STB 5.4.3.1
This example shows how to configure the Ethernet switch blade to pass multicast traffic, as shown in Figure 5-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
User guide (CLI)
45
5.4.3.2
This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5 and administer enhanced fast leave, as shown in Figure 5-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# EV) (Config)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit set igmp fast-leave exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Enable enhanced fast leave Exit configuration mode Save configuration
Result: User1 & user2 can watch programs in the range of 239.1.1.1 to 239.1.1.10 at VLAN5. When user1 and user2 are watching the same IGMP group (like 239.1.1.1), and one of them leaves this group (in this test user1), user2 will not suffer from a loss of picture. Enhanced fast leave knows how many users are present on the port and monitors its multicast groups. In the case when both users watch the same program and one of them leaves the channel (sent IGMP leave towards MSAN), intelligent fast leave will not send LEAVE towards the network, and will protect the second user from suffering a black or no picture.
5.5
Configuring IGMP snooping with suppression
This example shows how to use Iskratel IGMP snooping with suppression on the VDSL2 blade. It is highly recommended that IGMP suppression is done on the central Ethernet blade to cover all peripheral blades. IGMP suppression is an optimizer feature is the case of using the IGMP snooping technique. When a device with enabled suppression receives IGMP reports and leaves for the same IGMP group, it will suppress them (send just the first join and the last leave). By default, IGMP suppression is disabled.
46
User guide (CLI)
5.5.1
Prerequisites
In the network there exists a multicast source with a known IP address The configuration is a default; the line profiles are at default values The used IGMP version is 2 The multicast traffic for the user side is received on the VDSL2 blade with a VLAN tag (VLAN-ID 5) 5.5.2 Network datagram
Figure 5-3 shows a sample network of IGMP suppression and the points where the network features will be configured.
Internet
Router
SI3000 MSAN
Ethernet switch
b.
1/1 0/1
a.
a.
1/2 Modem
a. IGMP clients port b. IGMP mrouter port (dynamically set) c. IGMP supression
1/3
STB TV
User1 User2
Figure 5-3: Sample network topology for IGMP suppression tests
VDSL2 blade
c.
Multicast path
0/1
First membership & last leave passed for same multicast group
User guide (CLI)
47
5.5.3
Data plan
Table 5-4: IGMP suppression data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. xDSL port 1/2 and 1/3 Multicast VLAN: 5, named as Video Multicast security mechanisms: none IP address in same network segment as upper router
Router Users
STB 5.5.3.1
This example shows how to configure Ethernet switch blade to pass multicast traffic as shown in Figure 5-3. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
48
User guide (CLI)
5.5.3.2
This example shows how to configure the VDSL2 blade to pass multicast traffic and do suppression in VLAN 5, as shown in Figure 5-3. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp set igmp report-suppression interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit interface 1/3 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enable igmp snooping report suppression on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Enter interface 1/3 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/3 Exit configuration mode Save configuration
Result: User1 & user2 can watch programs in the range of 239.1.1.1 to 239.1.1.10 at VLAN5. When user1 and user2 are watching the same IGMP group (like 239.1.1.1) and one of them leaves this group (in this test user1), it will send an IGMP leave message. The leave message will be intercepted by the VDSL2 blade, the multicast table will be checked and leave will not be sent towards the network (like multicast routers) for sure user1 will stop receiving the multicast stream from group 239.1.1.1. In case when user2 wants to leave group 239.1.1.1, this leave will be transmitted towards the network, because it is the last message for this group. The same will happen with IGMP join messages only that the first join message for the group will pass, all the others will be suppressed.
User guide (CLI)
49
5.6
Configuring IGMP multicast VLAN registration
This example shows how to configure IGMP multicast VLAN registration on the VDSL2 blade. IGMP MVR offers the possibility to use a shared VLAN for multicast distribution, and still maintain user isolation. IGMP MVR can be done at the system or the interface level. By default, IGMP MVR is disabled. 5.6.1 Prerequisites
In the network there exists a multicast source with a known IP address The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN untagged
50
User guide (CLI)
5.6.2
Network datagram
Figure 5-4 shows a sample network of the IGMP MVR and the points where the network features will be configured.
Internet
Router
SI3000 MSAN
Ethernet switch
b.
1/1 0/1
a.
a.
1/2 Modem
a. IGMP clients port b. IGMP mrouter port (dynamically set) c. MVR enabled
1/3
STB TV
User1 User2
Figure 5-4: Sample network topology for MVR tests
IGMP membership & leave sent in VLAN untagged way
VDSL2 blade
c.
Multicast path
0/1
Multicast traffic set in shared MC VLAN, all other in unicast VLAN
User guide (CLI)
51
5.6.3
Data plan
Table 5-5: MVR data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. xDSL port 1/2 and 1/3 Multicast VLAN: 5, named as Video Unicast VLAN: 10 named as Data Multicast security mechanisms: none IP address in same network segment as upper router
Router Users
STB 5.6.3.1
This example shows how to configure the Ethernet switch blade to pass multicast traffic as shown in Figure 5-4. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video vlan 10 name Data set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 vlan participation include 10 vlan tagging 10 exit interface 1/1 vlan participation include 5 vlan tagging 5 vlan participation include 10 vlan tagging 10 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Add VLAN 10 with name Data Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Add VLAN 10 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Multicast traffic in VLAN 5 and unicast traffic in VLAN 10 can now pass the Ethernet switch blade, so the next thing to do is to configure the VDSL2 blade.
52
User guide (CLI)
5.6.3.2
This example shows how to configure the VDSL2 blade to pass multicast traffic and separate it from unicast traffic as shown in Figure 5-4. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp set mvr cvlan 10 mvlan 5 interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan pvid 10 vlan participation include 10 no vlan tagging 10 exit interface 1/3 vlan pvid 10 vlan participation include 10 no vlan tagging 10 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enable MVR on blade Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Enter interface 1/3 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/3 Exit configuration mode Save configuration
Result: User1 & user2 send combined traffic in VLAN untagged mode, which is at the VDSL subscriber port side tagged (only IGMP traffic) with a proper multicast VLAN and sent towards the network. Unicast traffic is part of a unicast VLAN, which is set at the subscriber port (set as the port VLAN ID; PVID). MVR functionality used in this way separates multicast traffic from unicast traffic, and creates a safe L2 domain.
User guide (CLI)
53
5.7
Configuring IGMP multicast VLAN registration for provider edge bridges (MVR-PEB)
This example shows how to configure IGMP multicast VLAN registration for the provider edge bridge (MVR-PEB) on the VDSL2 blade. IGMP MVR-PEB offers the possibility to use a shared VLAN for multicast distribution and still maintain user isolation in provider edge bridge environments. By default, IGMP MVR-PEB is disabled. Note: Only one multicast MVR-PEB VLAN can be chosen on the blade.
Note: It can only be configured on subscriber ports in tunnel or stacking VLAN mode.
5.7.1.1
Prerequisites
In the network there exists a multicast source with a known IP address The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN untagged
54
User guide (CLI)
5.7.2
Network datagram
Figure 5-5 shows a sample network of the IGMP MVR-PEB and the points where the network features will be configured.
Internet
Router
SI3000 MSAN
Ethernet switch
b.
1/1 0/1
c.
a.
a.
1/2 Modem
a. IGMP clients port b. IGMP mrouter port (dynamically set) c. MVR-PEB enabled
1/3
STB TV
User1 User2
MVR VLAN
Figure 5-5: Sample network topology for MVR-PEB tests
IGMP membership & leave sent in VLAN untagged way
VDSL2 blade
Multicast path
0/1
Multicast traffic set in shared MC VLAN, all other in unicast (S+C)VLAN
User guide (CLI)
55
5.7.3
Data plan
Table 5-6: MVR-PEB data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5; IGMP queries are sent every 30s. xDSL port 1/2 and 1/3 Multicast VLAN: 5, named as Video Unicast VLAN: 10 named as Data Multicast security mechanisms: none IP address in same network segment as upper router
Router Users
STB 5.7.3.1
This example shows how to configure the Ethernet switch blade to pass multicast traffic as shown in Figure 5-5. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video vlan 10 name Data set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 vlan participation include 10 vlan tagging 10 exit interface 1/1 vlan participation include 5 vlan tagging 5 vlan participation include 10 vlan tagging 10 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Add VLAN 10 with name Data Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Add VLAN 10 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Multicast traffic in VLAN 5 and unicast traffic in VLAN 10 can now pass the Ethernet switch blade, so the next thing to do is to configure the VDSL2 blade.
56
User guide (CLI)
5.7.3.2
This example shows how to configure the VDSL2 blade to pass multicast traffic in a shared multicast VLAN, and do double VLAN tagging (in a single step) on another unicast VLAN. Step 1 2 3 4 5 6 7 8 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp set mvr cvlan 10 mvlan 5 Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Set multicast vlan registration, customer VLAN 10, multicast VLAN 5 Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Enter interface 1/3 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/3 Exit configuration mode Save configuration
9 10 11 12 13 14 15 16 17 18 19 20 21 22
(EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Interface 1/3)# (EV) (Config)# (EV) #
interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit interface 1/3 vlan participation include 5 vlan tagging 5 exit exit save config
Result: User1 & user2 send untagged traffic, which is at the VDSL subscriber port side tagged with the proper multicast VLAN and sent towards the network. Unicast traffic is part of a unicast C+S VLAN, which is set at the subscriber port.
User guide (CLI)
57
5.8
Configuring IGMP call admission control (CAC)
This example shows how to configure IGMP call admission control (CAC) on the VDSL2 blade. IGMP CAC offers the possibility to limit max. simultaneous dynamic IGMP groups on subscriber ports. By default, IGMP CAC is disabled. Note: Statically assigned multicast groups are not counted in the CAC limitation.
5.8.1
Prerequisites
In the network there exist two multicast sources with known IP addresses The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN untagged
58
User guide (CLI)
5.8.2
Network datagram
Figure 5-6 shows a sample network of the IGMP CAC and the points where the network features will be configured.
Internet
Router
Ethernet switch
b.
1/1 0/1
VDSL2 blade
a.
1/2
Modem
a. IGMP CAC point b. IGMP mrouter port (dynamically or statically set)
STB
User1
Figure 5-6: Sample network topology for IGMP CAC tests
SI3000 MSAN
Multicast path
0/1
User guide (CLI)
59
5.8.3
Data plan
Table 5-7: IGMP CAC data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5; IGMP queries are sent every 30s. xDsl port 1/2 Multicast VLAN: 5, named as Video Multicast security mechanisms: none IP address in same network segment as upper router
Router Users
STB 5.8.3.1
This example shows how to configure the Ethernet switch blade to pass multicast traffic as shown in Figure 5-6. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Mode (ES) # (ES)(Vlan) # (ES)(Vlan) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan name 5 Video set igmp 5 exit configure set igmp snooping interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit write mem Purpose Enter VLAN database Add VLAN 5 with name Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
60
User guide (CLI)
5.8.3.2
This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5 and include two multicast clients as shown in Figure 5-6. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit multicast group-limit 2 exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Set limitation to multicast groups Exit configuration mode Save configuration
Result: User1 can get up to 2 multicast groups simultaneously. When the user wants a third group, this IGMP membership request is dropped because of the limitation. If a static IGMP group is added, it will not be counted in the limitation. 5.8.4 Configuring IGMP static multicast groups
This example shows how to configure IGMP static multicast groups on the VDSL2 blade. IGMP static multicast groups offer the possibility to access multicast groups even without sending a proper IGMP membership request. By default, no static groups are configured on the blade. Note: Up to 128 multicast groups can be configured on the subscriber port.
User guide (CLI)
61
5.8.5
Prerequisites
In the network there exist two multicast sources with known IP addresses The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN untagged 5.8.6 Network datagram
Figure 5-7 shows a sample network of IGMP static groups and the points where the network features will be configured.
Internet
Router
SI3000 MSAN
Ethernet switch
b.
1/1 0/1
VDSL2 blade
a.
1/2
Modem
a. IGMP static groups b. IGMP mrouter port (dynamically or statically set)
STB
User1
Figure 5-7: Sample network topology for IGMP static groups tests
Multicast path
0/1
62
User guide (CLI)
5.8.7
Data plan
Table 5-8: IGMP static group data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. xDSL port 1/2 Multicast VLAN: 5, named as Video Multicast security mechanisms: none IP address in same network segment as upper router
Router Users
STB 5.8.7.1
This example shows how to configure the Ethernet switch blade to flood multicast traffic as shown in Figure 5-7. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Mode (ES) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video configure set igmp set igmp unknowngroupsflood interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Enter configuration mode Enable igmp snooping on device Enable flooding of all multicast traffic Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
User guide (CLI)
63
5.8.7.2
This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5, flood it and enter multicast static groups as shown in Figure 5-7. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 multicast static-group attach Test 239.1.1.1 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Definition of static group on subscriber interface Exit interface 1/2 Exit configuration mode Save configuration
Result: User 1 can get multicast traffic from a defined multicast group even if it doesnt send a proper IGMP membership request towards the network. A static multicast group can be used with a combination of the multicast CAC feature to properly limit the no. of multicast streams at the subscriber side in the case when STB uses the control multicast group for servicing or updating purposes. In this case, the static group will not be counted in the CAC rules.
5.9
Configuring multicast access lists
This example shows how to configure multicast access lists on the VDSL2 blade. Multicast access lists offer the possibility to permit or deny multicast traffic to multicast groups or group ranges on subscribers ports. By default, no multicast access lists are configured on the blade. Note: Up to 8 multicast groups can be configured on the subscriber port.
64
User guide (CLI)
5.9.1
Prerequisites
In the network there exist two multicast sources with known IP addresses The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN tagged 5.9.2 Network datagram
Figure 5-8 shows a sample network of multicast access lists and the points where the network features will be configured.
Internet
Router
SI3000 MSAN
Ethernet switch
b.
1/1 0/1
VDSL2 blade
a.
1/2
Modem
a. IGMP static groups b. IGMP mrouter port (dynamically or statically set)
STB
User1
Figure 5-8: Sample network topology for multicast access lists tests
Multicast path
0/1
User guide (CLI)
65
5.9.3
Data plan
Table 5-9: Multicast access list data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. xDSL port 1/2 Multicast VLAN: 5, named as Video User cannot get multicast traffic in the range from 239.1.1.5 to 239.1.1.10 IP address in same network segment as upper router
Router Users
STB 5.9.4
This example shows how to configure the Ethernet switch blade to flood multicast traffic as shown in Figure 5-8. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Mode (ES) # (EV)(Vlan) # (EV)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 vlan name 5 Video configure set igmp set igmp unknowngroupsflood interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enter configuration mode Enable igmp snooping on device Enable flooding of all multicast traffic Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
66
User guide (CLI)
5.9.4.1
This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5 (group 239.1.1.1) and deny all the other multicast groups on subscriber ports as shown in Figure 5-8. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) # Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp multicast access-list Test group 239.1.1.1 interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/2 vlan participation include 5 vlan tagging 5 multicast access-list attach Test deny exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device
Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface
Exit interface 1/2 Exit configuration mode Save configuration
Result: User 1 cannot get multicast content from group 239.1.1.1 because the multicast access list denies this traffic. All traffic from the other multicast groups can be viewed. The multicast access list can be defined as denying so all declared multicast addresses will be forbidden but everything else will be permitted, or as permitting so the declared groups will be permitted and everything else will be denied.
User guide (CLI)
67
5.10 Configuring the standalone IGMP querier

This example shows how to configure the standalone IGMP querier on the VDSL2 blade. The IGMP querier is an essential part of active IGMP topology. It is needed for proper multicast distribution. By default, the standalone IGMP querier is not configured on the blade. Note: The standalone querier cannot be configured on IGMP subscriber ports.
5.10.1 Prerequisites In the network there exist two multicast sources with known IP addresses The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN tagged
68
User guide (CLI)
5.10.2 Network datagram Figure 5-9 shows a sample network with the standalone IGMP querier and the points where the network features will be configured.

SI 3000 MSAN
Ethernet switch
b. 0/1
1/1
VDSL2 blade
a. 1/2
Modem
a. b. IGMP subscriber IGMP standalone querier
STB
User1
Figure 5-9: Sample network topology for MVR tests
Multicast path
0/1
User guide (CLI)
69
5.10.3 Data plan Table 5-10: Standalone IGMP querier data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 xDSL port 1/2 Multicast VLAN: 5, named as Video IP address in same network segment as upper router
Users STB
5.10.3.1 Configuring the Ethernet switch blade This example shows how to configure the Ethernet switch blade to flood multicast traffic as shown in Figure 5-9. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Mode (ES) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video configure set igmp set igmp unknowngroupsflood interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Enter configuration mode Enable igmp snooping on device Enable flooding of all multicast traffic Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
70
User guide (CLI)
5.10.3.2 Configuring the VDSL2 blade This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5 and send queries from the uplink port as shown in Figure 5-9. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 set standalone-querier 60 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Start standalone querier and send messages at 1 minute Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Exit configuration mode Save configuration
Result: User 1 can receive multicast content, the active IGMP topology is properly set, IGMP queries are sent towards the subscriber at a 1-minute interval.
5.11 Configuring IGMP filtering

This example shows how to configure IGMP filtering on the VDSL2 blade. IGMP filtering plays the major role in stopping attacks on the active multicast tree. It prevents users from attacking IGMP topology. By default, IGMP filtering is set on subscriber ports. Only valid (IGMP join and leave) messages are allowed from the user side. 5.11.1 Prerequisites In the network there exist two multicast sources with known IP addresses The configuration is a default; the line profiles are at default values The used IGMP version is 2 The traffic from users is VLAN tagged
User guide (CLI)
71
5.11.2 Network datagram Figure 5-10 shows a sample network with IGMP filtering and the points where the network features will be configured.

SI 3000 MSAN
Ethernet switch
b. 0/1
1/1
VDSL2 blade
a. 1/2
Modem Attack: IGMP query sent STB
a. b.
IGMP filtering IGMP mrouter port (statically or dynamically set)
User1
Figure 5-10: Sample network topology for IGMP filtering test
Multicast path
0/1
72
User guide (CLI)
5.11.3 Data plan Table 5-11: IGMP filtering data plan Item Upstream port Multicast source Data 0/1 ES 0/1 VDSL2 One multicast source: Service provider A: with IP address 10.1.1.1, belonging to VLAN 5, and providing multicast programs in the range from 239.1.1.1 to 239.1.1.10 Providing multicast distribution in VLAN 5, IGMP queries are sent every 30s. xDSL port 1/2 Multicast VLAN: 5, named as Video Sent IGMP queries at 1-minute interval IP address in same network segment as upper router
Router Users
STB
5.11.3.1 Configuring the Ethernet switch blade This example shows how to configure the Ethernet switch blade to flood multicast traffic as shown in Figure 5-10. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Mode (ES) # (ES)(Vlan) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan 5 name Video configure set igmp set igmp unknowngroupsflood interface 0/1 vlan participation include 5 vlan tagging 5 exit interface 1/1 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 with name Video Enter configuration mode Enable igmp snooping on device Enable flooding of all multicast traffic Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 0/1 Enter interface 1/1 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
User guide (CLI)
73
5.11.3.2 Configuring the VDSL2 blade This example shows how to configure the VDSL2 blade to pass multicast traffic in VLAN 5 and send queries from the uplink port, as shown in Figure 5-10. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Mode (EV) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV)(Vlan) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Interface 0/1)# (EV) (Config)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Interface 1/2)# (EV) (Config)# (EV) # Command vlan database vlan 5 vlan name 5 Video set igmp 5 exit configure set igmp interface 0/1 vlan participation include 5 vlan tagging 5 set standalone-querier 60 exit interface 1/2 vlan participation include 5 vlan tagging 5 exit exit save config Purpose Enter VLAN database Add VLAN 5 Name VLAN 5 Video Enable igmp snooping in VLAN 5 Exit vlan database Enter configuration mode Enable igmp snooping on device Enter interface 0/1 Add VLAN 5 on interface Set tagging rules on interface Start stand alone querier and sent messages at 1 minute Exit interface 0/1 Enter interface 1/2 Add VLAN 5 on interface Set tagging rules on interface Exit interface 1/2 Exit configuration mode Save configuration
Result: User 1 can receive multicast content, the active IGMP topology is properly set, IGMP queries are sent towards the subscriber at a 1-minute interval.
User security configuration
This chapter describes how to configure port protection and management port protection on the VDSL2 blade. The chapter consists of the following sections: Understanding Default settings Configuring a protected port
6.1
Understanding
The port protection functionality prevents client ports to communicate between each other. Thus, the enduser can not send any Ethernet frame to the adjacent end-user port on the client's side. All user Ethernet frames can only be transmitted in the uplink direction. The reason for the activation of port protection functionality is above all the prevention of broadcast flood in the Ethernet switch, as well as accounting and traffic measurements. Consequently, all the traffic goes through the router first, and afterwards toward the end-user. This circumstance is especially convenient for the prevention of traffic composed of ARP messages, which have to be delivered to other end-users. The above mentioned restriction for ARP messages is valid for other types of broadcast messages as well.
74
User guide (CLI)
1/1
Flag disable b.
1/2
X
b. a.
Flag disable
VDSL2 blade
a.
1/2
Flag enable a. b. Client ports Uplink ports Traffic is permitted
1/3
Flag enable
Modem
Traffic is not permitted
STB TV
User1 User2
Figure 6-1: Packet processing between protected and unprotected ports An interface with disabled protected flag can communicate with all interfaces, whereas the interface with protected flag set can communicate only with unprotected interfaces. The communication between interfaces is bidirectional, which means that a certain interface can transmit packets as well as receive them from other interfaces. Table 6-1: Example showing communication between protected/unprotected ports A and B Port A Unprotected Unprotected Protected Protected Port B Unprotected Protected Unprotected Protected Traffic from port A to port B Traffic is permitted Traffic is permitted Traffic is permitted Traffic is not permitted
In addition to the port protection configuration, it is possible to configure management port protection. This functionality allows ports, with mn flag set, to communicate with a CPU port. Ports, with mn flag not set, are not allowed to communicate with the CPU port. In other words, IP access to the Ethernet switch is allowed or prevented with the mn flag setting.
User guide (CLI)
75
6.2
Default settings
Table 6-2: Default protected port and management port protection settings Feature Protected port Management port protection Default Flag Settings Enabled for all client ports and disabled for all uplink ports Disabled for all client interfaces and enabled for all uplinks.
6.3
6.3.1
Configuring a protected port

Enabling port protection
The flag has two values: enable when the port is protected, and disable when it is unprotected. When the flags of all ports have the default value, communication between two client ports is only permitted through uplink. To enable a protected flag on the clients interface: Step 1 Mode (EV)(Config) # Command interface <interface> Purpose Enter interface mode.
(EV)(Interface x/x) #
switchport protected
Enable protected flag.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# switchport protected (EV)# show switchport protected Inft Protected ------------------------------------------------0/1 Disable 0/2 Enable 0/3 Enable
76
User guide (CLI)
6.3.2
Enabling mn port protection
To enable mn flag on the interface: Step 1 Mode (EV)(Config) # Command interface <interface> Purpose Enter interface mode.
(EV)(Interface x/x) #
mn
Enable mn flag.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# mn (EV)# show port flags Interface MN ------------------------------------------------0/1 Enable 0/2 Disable 0/3 Disable
6.4
Configuring MAC source guard
This example shows how to configure the MAC source guard on the VDSL2 blade. The MAC source guard offers the possibility to secure an L2 network while eliminating possible L2 loops on the user-network side. By default, the MAC source guard is enabled on the subscriber ports.
Note: The MAC source guard does not differentiate between the traffic in separate VLANs. VLANs are ignored in the case of the detected loop. 6.4.1 Prerequisites
The configuration is a default; the line profiles are at default values The traffic from users is VLAN untagged The router devices offer a connectivity check
User guide (CLI)
77
6.4.2
Network datagram
Figure 6-2 shows a sample network for MAC source guard testing and the points where the network features will be configured.
Router
SI 3000 MSAN
0/1
Ethernet switch 1/1 1/1 VDSL2 blade
a.
0/2
X
Modem
a.
MAC source guard enabled
Loop on modem site
Figure 6-2: Sample network topology for MAC source guard tests Data plan Table 6-1: MAC source guard data plan Item Upstream port Data source Users PC 6.4.2.1 Data 0/1 ES 1/1 VDSL2 Router & PC interface providing basic IP connectivity test; the communication is made in the default VLAN xDSL port 0/2 IP address in the same network segment as the upper router
There is no need to configure the Ethernet switch blade. Result: Unicast traffic can pass through the Ethernet switch blade.
78
User guide (CLI)
6.4.2.2
This example shows how to configure the VDSL2 blade to block looped traffic and protect the network from disaster. Default configuration on the VDSL2 blade Step 1 2 Mode (EV)# (EV)(Config)# Command configure mac-source-guard Purpose Enter configure mode. Enable MAC source guard globally. Enable error-disabled detection administrative state cause. Configure error-disabled recovery interval to one minute. Enter interface 0/2.
(EV)(Config)#
errdisable detect cause macsource-guard errdisable recovery interval 1
(EV)(Config)#
(EV)(Config)#
interface 0/2
6 7 8 9
(EV)(Interface 0/2)# (EV)(Interface 0/2)# (EV)(Config)# (EV)#
mac-source-guard exit exit save config
Enable MAC source guard. Exit interface 0/2. Exit configuration mode. Save configuration.
Result: Unicast traffic can pass. When the traffic is going from the router towards the PC, the MAC table on the Ethernet switch learns the routers MAC on the 0/1 port and the VDSL2 blade learns it on the 1/1 port. When a loop is created on the modem site, the port on the VDSL2 is blocked and traffic does not pass. The MAC table on the VDSL2 blade is properly learned and the network is saved from an L2 flood disaster. 6.4.2.3 Displaying the VDSL2 MAC source guard parameters
To display the VDSL2 MAC source guard parameters: Step 1 Mode (EV)# Command show mac-source-guard 0/2 Purpose Display MAC source guard parameters on the interface 0/2.
User guide (CLI)
79
6.4.2.4
Displaying the error-disabled detection administrative state cause
To display the error-disabled detection administrative state cause: Step 1 Mode (EV)# Command show errdisable detect Purpose Display the error-disabled detection administrative state cause.
6.4.2.5
Displaying the error-disabled recovery interval
To display the error-disabled recovery interval: Step 1 Mode (EV)# Command show errdisable recovery Purpose Display the error-disabled recovery interval.
6.4.2.6
Displaying the error-disabled interface statistics
To display the error-disabled interface statistics: Step 1 Mode (EV)# Command show errdisable statistics <interface/all> Purpose Display the number of times an interface was errordisabled.
Example: (EV)# show errdisable statistics interface 0/2
6.5
Configuring DHCP Relay Agent
This chapter consists of the following sections: Understanding Default DHCP Relay Agent (DHCP RA) settings Display of DHCP RA Settings Configuration of global settings Configuration of interfaces
80
User guide (CLI)
6.5.1 Understanding Advanced broadband access requires high-speed xDSL modems with several end users interconnected via a Local Area Network. In order to assign IP addresses to end users, Dynamic Host Configuration Protocol (DHCP) can be used. Unfortunately, DHCP does not provide any security mechanisms such as end-user authorization, or protection against network break-ins. DHCP Option 82 supplements DHCP in the field of security.
DHCP Servers
Internet
Router
0/1 SI3000 MSAN Ethernet Switch
1/1 0/1
VDSL2 Blade
1/2
Modem
STB
User 1
User 2
Figure 6-3: Sample network topology for PPPoE Intermediate Agent Therefore it is necessary to add additional parameters to DHCP messages to provide DHCP server(s) with necessary information. Such information is added as option 82 to DHCP discover/requests messages. A DHCP relay agent (DHCP RA) is set up in a network element between a DHCP client and a DHCP server. When packets travel from a DHCP client to a DHCP server, a DHCP relay agent inserts Relay Agent Information, which uniquely defines an xDSL line (Circuit ID, Remote ID).
User guide (CLI)
81
6.5.1.1
DHCP filtering
A DHCP filtering is a DHCP security feature which provides security by filtering untrusted DHCP messages. The above mentioned messages are received outside the network, or firewall, and therefore can cause traffic attacks within the network. The DHCP filtering allows the administrator to configure each port as a trusted, or untrusted, port. The port that has the authorized DHCP server should be configured as a trusted port. Any DHCP responses received on a trusted port will be forwarded. All the other ports should be configured as untrusted. Beside this, any DHCP responses received on the ingress side will be discarded. 6.5.2 Default DHCP RA settings Table 6-3: Default DHCP RA settings Global Configuration Commands Feature DHCP RA DHCP RA mode DHCP RA circuit type DHCP RA option 82 Addition of circuit ID globally Addition of remote ID globally Keep or remove option 82 in reply Option 82 unicast extension Interface Configuration Commands Feature DHCP RA DHCP RA mode DHCP RA circuit type DHCP RA option 82 Addition of circuit ID globally Addition of remote ID globally Keep or remove option 82 in reply Option 82 unicast extension DHCP RA metering 6.5.3 Displaying DHCP RA settings This group of commands: displays DHCP RA global configuration and statistics, displays major DHCP RA interface configuration, displays DHCP RA parameters and statistics on the interface, displays VLAN-s specific DHCP RA parameters and displays DHCP RA server configuration for incoming VLAN-s.
Default Setting Disabled Simplified Untrusted Disabled Enabled Disabled Remove Disable Default Settings Disabled Simplified Untrusted Disabled Enabled Disabled Remove Disable Disabled
82
User guide (CLI)
6.5.3.1
Displaying DHCP RA global configuration and statistics
To display global DHCP RA configuration and statistics: Step 1 Mode (EV)# Command show dhcpr global Purpose Display DHCP RA global configuration and statistics.
Example: (EV)# show dhcpr global 6.5.3.2 Displaying major DHCP RA interface configuration
To display major DHCP RA configuration of all interfaces: Step 1 Mode (EV)# Command show dhcpr interface all Purpose Display major DHCP RA configuration of all interfaces.
Example: (EV)# show dhcpr interface all Administrative State Remote ID ------------------ --------------------------------Enable for all Enable for servers Enable for clients Disable None None Jack Doe, Tel. 123456 John Doe, Tel. 012345
Interface ID ---------------------0/1 0/2 . 0/3 0/4 (EV)# 6.5.3.3
Displaying DHCP RA parameters and statistics on the interface
To display DHCP RA parameters and statistics on the selected interface: Step 1 Mode (EV)# Command show dhcpr interface <interface> Purpose Display DHCP RA parameters and statistics on the selected interface.
Example: (EV)# show dhcpr interface 0/1 Administrative State Circuit type Option82 Unicast Extension Insert Option 82 Keep Option 82 in Reply : : : : : Enable for clients Trusted Disable Enable Remove
User guide (CLI)
: : : : "ISKRATEL: MEA56 eth X/1/3:<incoming-vlanid" "Kevin Black, Sunset Blvd 1234" Disabled 50 pps
83
Circuit ID value Remote ID value Metering Max DHCP RA data rate (EV)# 6.5.3.4
Displaying VLAN specfic DHCP RA parameters
To display VLAN specific DHCP parameters: Step 1 Mode (EV)# Command show dhcpr vlans Purpose Display VLAN specific DHCP RA parameters and the translation table between upstream frames VLAN and the DHCP RA servers on the network ports.
Example: (EV)# show dhcpr vlans Access VLAN ID -------1 100 200 300 -------6.5.3.5 DHCP Relay Agent Status -----------Disable Not Configured Not Configured Not Configured -------------
DHCPR Mode ------------Not Configured Full Simplified Full --------------
Displaying DHCP server configuration for incoming VLAN-s
To display DHCP server configuration for incoming VLAN-s: Step 1 Mode (EV)# Command show dhcpr servers Purpose Display the DHCP server configuration per incoming VLAN.
Example: (EV)# show dhcpr servers Default DHCP server for FULL mode: 1.2.3.4 Access VLAN ID ------100 200 300 --------
DHCP Server IP Address ---------------------10.20.3.40 20.21.22.23 10.20.30.40 ----------------------
84
User guide (CLI)
6.5.4 Configuring DHCP RA global settings This group of commands: sets default DHCP RA server for all access VLAN-s, sets or removes different DHCP RA server for particular access VLAN, enables or disables DHCP RA generally, sets DHCP RA mode to full or simplified mode, sets DHCP RA circuit type to trusted or untrusted, enables or disables insertion of option82, enables or disables addition of circuit ID globally, enables or disables addition of remote ID globally, keeps or removes option82 in reply, enables or disables option82 unicast extension. 6.5.4.1 Setting default DHCP RA server for all access VLAN-s
To set default DHCP RA server for all access VLAN-s: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr server <srv-ip> Purpose Enter configure mode. Set default DHCP RA server for all access VLAN-s. No command is not allowed to make sure the default server is always configured. Full mode cant be configured if default DHCP server is not set. Change default server by rewriting it.
Example: (EV)# configure (EV)(Config)# dhcpr server 10.20.3.40 6.5.4.2 Setting or removing different DHCP RA server for particular access VLAN
To set or remove different DHCPR server for particular access VLAN: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr server <srv-ip> vlanid <vlanid> Purpose Enter configure mode. Set or remove different DHCP RA server for particular access VLAN. This setting overrules the default DHCP server setting. In this case, no command is allowed.
Example: (EV)# configure (EV)(Config)# dhcpr server 10.20.3.40 vlanid 5
User guide (CLI)
85
6.5.4.3
Enabling or disabling DHCP RA generally
To enable or disable DHCPR generally: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr Purpose Enter configure mode. Enable or disable DHCP RA generally.
Example: (EV)# configure (EV)(Config)# dhcpr Note: The DHCP RA can be disabled globally per system, per each network and broadband subscribers port, or per VLAN. The priority (from the highest to the lowest) for disabling the DHCP RA is: system, interface (port) and VLAN. 6.5.4.4 Setting DHCP RA mode to full or simplified mode
To set DHCPR mode to full or simplified mode: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr full Purpose Enter configure mode. Set dhcpr mode to full or simplified. Used for VLAN-s with unconfigured DHCP RA mode. Use no command to return to simplified mode.
Example: (EV)# configure (EV)(Config)# dhcpr full Note: The DHCP RA can work in two modes: simplified mode (only adding options), and full mode (adding its own IP address, incrementing hops and rerouting DHCP message to configured destination DHCP server). The mode is configurable per VLAN as well as per system.
86
User guide (CLI)
6.5.4.5
Setting DHCP RA circuit type to trusted or untrusted
To set DHCP RA circuit type to trusted or untrusted: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr trusted Purpose Enter configure mode. Set dhcpr circuit type to trusted or untrusted. Used for interfaces with unconfigured DHCP RA circuit type. When interface (port) is configured as untrusted, only DHCP client messages, without option 82 and giaddr field, are allowed.
Example: (EV)# configure (EV)(Config)# dhcpr trusted 6.5.4.6 Enabling or disabling insertion of option 82
To enable or disable insertion of option 82: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 Purpose Enter configure mode. Enable or disable insertion of option 82. Used for interfaces with unconfigured DHCP RA option 82 value.
Example: (EV)# configure (EV)(Config)# dhcpr option82 6.5.4.7 Enabling or disabling addition of circuit ID globally
To enable or disable addition of circuit ID globally: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 suboption cid Purpose Enter configure mode. Enable or disable addition of circuit ID globally.
Example: (EV)# configure (EV)(Config)# dhcpr option82 suboption cid
User guide (CLI)
87
6.5.4.8
Enabling or disabling addition of remote ID globally
To enable or disable addition of remote ID globally: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 suboption rid Purpose Enter configure mode. Enable or disable addition of remote ID globally.
Example: (EV)# configure (EV)(Config)# dhcpr option82 suboption rid 6.5.4.9 Keeping or removing option 82 in reply
To keep or remove option 82 in reply: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 keep Purpose Enter configure mode. Keep or remove option 82 in reply. Used for interfaces with unconfigured DHCP RA option 82 reply value.
Example: (EV)# configure (EV)(Config)# dhcpr option82 keep 6.5.4.10 Enabling or disabling option 82 unicast extension To enable or disable option 82 unicast extension: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 unicast extension Purpose Enter configure mode. Enable or disable option 82 unicast extension. Used for interfaces with unconfigured DHCP RA option 82 unicast extension value.
Example: (EV)# configure (EV)(Config)# dhcpr option82 unicast extension
88
User guide (CLI)
6.5.5 Configuring Interfaces This group of commands: enables processing of DHCP RA requests and replies on the interface, enables processing of DHCP RA requests on the interface, enables processing of DHCP RA replies on the interface, disables DHCP RA on the interface, sets or unconfigures interface circuit type, sets or unconfigures insertion of option 82 on the interface, sets or unconfigures option 82 in replies on the interface, sets or unconfigures option 82 unicast extension on interface, slows or bans debugging on the interface, sets interface remote-id, enables or disables overload protection and sets interface DHCP port throughput. 6.5.5.1 Enabling processing of DHCP RA requests and replies on the interface
To enable processing of DHCP RA requests and replies on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr state enable Purpose Enter configure mode. Enable processing of DHCP RA requests and replies on interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr state enable
Note: This command specifies the interface (port) as trusted in terms of DHCP filtering. Thus, the DHCP server replies can be intercepted and processed on this interface (port). 6.5.5.2 Enable processing of DHCP RA requests on the interface
To enable processing DHCPR requests on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr state enable-client Purpose Enter configure mode. Enable processing of DHCP RA requests on interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr state enable-client
User guide (CLI)
89
6.5.5.3
Enable processing of DHCP RA replies on the interface
To enable processing of DHCP RA replies on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr state enable-server Purpose Enter configure mode. Enable processing of DHCP RA replies on interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr state enable-server
Note: This command specifies the interface (port) as trusted in terms of DHCP fi ltering. Thus, the DHCP server replies can be intercepted and processed on this interface (port). 6.5.5.4 Disable DHCP RA on the interface
To disable DHCP RA on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr state disable Purpose Enter configure mode. Disable DHCP RA on the interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr state disable 6.5.5.5 Setting or unconfiguring interface's circuit type
To set or unconfigure interface's circuit type: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr circuit <trusted/untrusted/not configured> Purpose Enter configure mode. Set or unconfigure interfaces circuit type.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr circuit trusted
90
User guide (CLI)
6.5.5.6
Setting or unconfiguring insertion of option 82 on the interface
To set or unconfigure insertion of option 82 on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 enable Purpose Enter configure mode. Sets or unconfigures insertion of option 82 on the interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr option82 enable 6.5.5.7 Setting or unconfiguring option 82 in replies on the interface
To set or unconfigure option 82 in replies on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 reply <keep/remove/not configured> Purpose Enter configure mode. Sets or unconfigures option 82 in replies on the interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr option82 reply keep 6.5.5.8 Setting or unconfiguring option 82 unicast extension on the interface
To set or unconfigure option 82 unicast extension on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr option82 unicastextension <enable/disable/notconfigured> Purpose Enter configure mode. Sets or unconfigures option 82 unicast extension on the interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr option82 unicast-extension enable
User guide (CLI)
91
6.5.5.9
Allowing or banning debugging on the interface
To allow or ban debugging on the interface: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr debug Purpose Enter configure mode. Allows or bans debugging on the interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr debug 6.5.5.10 Setting interface's remote-id To set set interface's remote-id: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr remote-id <remote-id> Purpose Enter configure mode. Sets interfaces remote-id (string). Clears interfaces remote-id.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr remote-id rmtid1 6.5.5.11 Enabling or disabling overload protection To enable or disable overload protection: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr metering Purpose Enter configure mode. Enables or disables overload protection.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr metering
Note: This command, and the command dhcpr rate <rate>, allow traffic shaping in order to limit DHCP traffic per BCM interface. As a consequence, an immediate action of DHCP RA takes place, if only it is enabled generally as well as on the interface.
92
User guide (CLI)
6.5.5.12 Setting interface's DHCP RA port throughput To set interface's DHCP RA port throughput: Step 1 2 Mode (EV)# (EV)(Config)# Command configure dhcpr rate <rate> Purpose Enter configure mode. Sets interfaces DHCP RA port throughput in packets per second.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dhcpr rate 500
6.6
Configuring PPPoE intermediate agent
This chapter consists of the following chapters: Understanding Default PPPoE intermediate agent (PPPoE IA) settings Configuring PPPoE IA bridge parameters and Configuring interface parameters.
User guide (CLI)
93
6.6.1 Understanding In order to provide security mechanism such as authorization of end users, or protection against network break-ins, a relay agent based on the PPPoE protocol can be used. The PPPoE IA resides in the network element. A BRAS server is attached to a RADIUS server. The BRAS server terminates the PPPoE (PPP) connection, and forwards special PPPoE VSA data to a RADIUS server. The relay agent inserts the PPPoE VSA data in special fields (tags) of the PPPoE packet payload. In this way, the RADIUS server is provided with unique xDSL line identification, including the geographical location of the network element.
Internet
RADIUS Server
PPPoE Server (BRAS) 0/1 SI3000 MSAN Ethernet Switch 1/1 VDSL2 Blade 1/2 0/1
Modem
STB
User1
User2
Figure 6-4: Sample network topology for PPPoE Intermediate Agent The structure of the VSA tags contains the Agent Circuit ID and Agent Remote ID fields. The first field uniquely defines the network element and the xDSL line on which the PPPoE packet for discovery purposes has been received. The second field uniquely defines the end user on an xDSL line.
94
User guide (CLI)
6.6.2 Default PPPoE IA settings Table 6-4: Default DHCPR settings Feature xDSL line Remote ID on specific interface 6.6.3 Configuring PPPoE IA bridge parameters This group of commands: Sets PPPoE IA functionality in general. 6.6.3.1 Setting PPPoE IA functionality in general Default Setting Empty
To set PPPoE IA functionality in general: Step 1 2 Mode (EV)# (EV)(Config)# Command configure pppoe Purpose Enter configure mode. Set PPPoE IA functionality in general.
Example: (EV)# configure (EV)(Config)# pppoe 6.6.3.2 Configuring interface parameters
This group of commands: Configures xDSL line remote ID, Displays status and summary statistics of PPPoE IA, Displays current information on the specified interface, Displays current information on the specified interface or on all interfaces, Sets PPPoE IA trusted or untrusted mode of operation. 6.6.3.3 Configuring xDSL line remote ID
To configure xDSL line remote ID: Step 1 2 3 Mode (EV)# (EV)(Config)# (EV)(Interface x/x) Command configure interface <interface> pppoe remoteid <remote-id> Purpose Enter configure mode. Enter interface mode. Enter xDSL line identifier on selected interface (string up to 32 symbols).
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# pppoe remoteid KevinBlack-360500721
User guide (CLI)
95
6.6.3.4
Displaying status and summary statistics of PPPoE IA
To display status and summary statistics of PPPoE IA: Step 1 2 Mode (EV)# (EV)(Config)# Command config show pppoe global Purpose Enter config mode. Show status and summary statistics of PPPoE IA.
Example: (EV)# configure (EV)(Config)# show pppoe global PPPoE Intermediate Agent : Disabled. Debug : Off. Circuit ID : "ISKRATEL:MEA56". (EV)# 6.6.3.5 Displaying current PPPoE IA information on the specified interface
To display current PPPoE IA information on the selected interface: Step 1 2 Mode (EV)# (EV)(Config)# Command config show pppoe interface <interface> Purpose Enter config mode. Display current PPPoE IA information on the selected interface.
Example: (EV)# configure (EV)(Config)# show pppoe interface 0/1 Interface ----------0/1 (EV)# 6.6.3.6 PPPoE IA ---------Disabled Mode ----------Untrusted Remote ID -------------------------------0/1
Displaying current PPPoE IA information on all interfaces
To display current PPPoE IA information on all interfaces: Step 1 2 Mode (EV)# (EV)(Config)# Command config show pppoe interface all Purpose Enter config mode. Display current PPPoE IA information on all interfaces.
Example: (EV)# configure (EV)(Config)# show pppoe interface all Interface PPPoE IA Mode Remote ID
96
User guide (CLI)
----------- ---------- ----------- -------------------------------0/1 disabled Untrusted "0/1" 0/2 enabled Trusted "0/2" 0/3 enable client Untrusted "0/3" 0/4 enable server Untrusted none 0/5 Disabled Untrusted none (EV)(Config)# 6.6.3.7 Setting PPPoE IA trusted or untrusted mode of operation
To set PPPoE IA trusted or untrusted mode of operation: Step 1 2 Mode (EV)# (EV)(Config)# Command config pppoe mode trusted Purpose Enter config mode. Enter trusted mode of operation. When interface (port) is configured as untrusted, only PPPoE client messages, without VSA tag, are allowed.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# pppoe mode trusted
6.7
Configuring IP Source Guard
This chapter consists of the following sections: Understanding Default IP Source Guard settings General settings Configuration of interface parameters Displaying IP Source Guard settings 6.7.1 Understanding
The security of the IP source address denotes a security mechanism that enables a telecommunications operator to check the assigned end user (host) IP address (or combination with the MAC address),and thus prevents its possible false presentation with the IP address of another end user. The DHCP relay agents or servers only assign the IP addresses, and do not check them. 6.7.2 Default IPSG settings
Table 6-5: Default IPSG settings Feature IP Source Guard administrative state IP Source Guard binding store IP Source Guard administrative state on the interface IP Source bindings entry limit Type of filtering for interfaces Default Setting Disabled.
1 All port filters are set only for IP address filtering.
User guide (CLI)
97
6.7.3
General settings
This group of commands: enables or disables the IPSG functionality in general, enables or disables the IPSG store mode, specifies IPSG bindings entry limit for all interfaces and specifies type of filtering for all interfaces. 6.7.3.1 Setting IPSG functionality in general
To enable IPSG functionality in general: Step 1 2 Mode (EV)# (EV)(Config)# Command configure ipsg Purpose Enter configure mode. Enable IPSG functionality.
Example: (EV)# configure (EV)(Config)# ipsg 6.7.3.2 Storing of IPSG binding table settings
To enable storing of IPSG binding table settings: Step 1 2 Mode (EV)# (EV)(Config)# Command configure ipsg store Purpose Enter configure mode. Enable store mode.
Example: (EV)# configure (EV)(Config)# ipsg store 6.7.3.3 Specifying IPSG binding's entry limit for all interfaces
To set IP source binding's entry limit for all interfaces. In other words, the greatest number of combinations composed of IP and MAC addresses: Step 1 2 Mode (EV)# (EV)(Config)# Command configure ipsg limit <limit> Purpose Enter configure mode. Specify IPSG binding's limit. The value of <limit> parameter must lie between 1and 10. The default value is 1.
Example: (EV)# configure (EV)(Config)# ipsg limit 2
98
User guide (CLI)
6.7.3.4
Specifying type of filtering for interfaces
To set type of filtering for all interfaces: Step 1 2 Mode (EV)# (EV)(Config)# Command configure ipsg filtering <filtering> Purpose Enter configure mode. Specify type of filtering. The value of <filtering> parameter is <iponly> or <ipmac>.
Example: (EV)# configure (EV)(Config)# ipsg filtering iponly Example: (EV)# configure (EV)(Config)# ipsg filtering ipmac 6.7.4 Configuration of interface parameters
This group of commands: sets the interface's state, specifies IPSG binding's entry limit and specifies type of filtering. 6.7.4.1 Setting the interface's state
To set the interface's state: Step 1 2 3 Mode (EV)# (EV)(Config)# (EV)(Interface x/x)# Command configure interface <interface> ipsg Purpose Enter configure mode. Enter interface mode. Set the IPSG state on the interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# ipsg
User guide (CLI)
99
6.7.4.2
Specifying IPSG binding's entry limit for interfaces
To specify IPSG binding's entry limit: Step 1 2 3 Mode (EV)# (EV)(Config)# (EV)(Interface x/x) Command configure interface <interface> ipsg limit <limit> Purpose Enter configure mode Enter interface mode. Specify IPSG binding's entry limit. The value of <limit> parameter must lie between 1 and 10. The default value is 1.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# ipsg limit 2 6.7.4.3 Specifying type of filtering for interfaces
To specify type of filtering for interfaces: Step 1 2 3 Mode (EV)# (EV)(Config)# (EV)(Interface x/x) Command configure interface <interface> ipsg filtering <filtering> Purpose Enter configure mode. Enter interface mode. Enter type of filtering for interface. The value of <filtering> parameter is <iponly> or <ipmac>.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# ipsg filtering iponly Example: (EV)# configure (EV)(Config)# interface 0/2 (EV)(Interface 0/2)# ipsg filtering ipmac 6.7.5 Displaying IPSG settings
This group of commands: displays general IPSG setting on all interfaces and displays IPSG settings on the interface.
100
User guide (CLI)
6.7.5.1
Displaying general IPSG settings on all interfaces
To display the state of all IPSG settings on all interfaces: Step 1 Mode (EV) # Command show ipsg Purpose Display general IPSG settings on all interfaces.
Example: (EV)# show ipsg IP Source Guard: enabled Binds Storing: enabled Interface State Limit Filtering Matched frames ---------------------------------------------------------------------0/1 enabled 2 ip mac 0/2 disabled 2 ip mac 0/3 disabled 2 ip mac 0/4 disabled 2 ip mac 0/5 disabled 2 ip mac . 0/29 disabled 2 ip mac 0/30 disabled 2 ip mac 0/31 disabled 2 ip mac 0/32 disabled 2 ip mac 1/1 disabled 1/2 disabled 6.7.5.2 Displaying IPSG settings on the interface
To display the state of all IPSG settings on the selected interface: Step 1 Mode (EV) # Command show ipsg <interface> Purpose Display general IPSG settings on the selected interface.
Example: (EV)# show ipsg interface 0/2 (EV)#show ipsg interface 0/2 Interface State Limit Filtering Matched frames ---------------------------------------------------------------------0/2 disabled 2 ip mac (EV)#
User guide (CLI)
101
System security configuration
This chapter describes how to configure remote access filtering on the VDSL2 blade. It consists of these sections: Understanding Default settings Configuring remote access filtering Configuring storm control
7.1
7.1.1
Understanding
Remote access filtering
The remote access filter functionality is intended to restrict access to the system services of the VDSL2 blade. Access checking is carried out on the telnet, ssh, snmp and ftp services. This functionality only refers to the service traffic terminating on the VDSL2 blade and not to the user traffic. The system services that use this functionality are allowed or not allowed to establish a new session (or request) according to the filtering rules. The IP source address checking is done according to the following algorithm: If the list of filtering rules is empty, then the Accept status applies to all packets. If the packet's source IP address matches one of the rules, then the related Accept or Reject action will be performed, Otherwise, if the packet's source IP address does not match one of the rules, the (implicit) Reject action will be performed. Other sessions and requests that are in progress continue to proceed further, regardless of the change of rules. All the above-mentioned modules use the same filtering rules. By activating this function each service can decide whether or not to accept the session.
2.3.4.5 VDSL2 blade Access rejected
Internet
PC2 1.2.3.4 Access accepted PC1
Figure 7-1: An example of a network for remote access filter functionality 7.1.2 Storm control
Storm control prevents Ethernet interfaces from being disrupted by a broadcast, multicast or destination lookup failure (dlf) unicast storm. A storm occurs when broadcast, multicast or dlf unicast Ethernet frames flood the subnet, creating excessive traffic and, at the same time, degrading the network performance. Errors in the protocol-stack implementation or in the network configuration can be a reason for a storm.
102
User guide (CLI)
Storm control is a mechanism that protects the network element when a large number of broadcasts, multicasts or dlf unicasts is coming. Because these frames are forwarded to all interfaces, immense number of storms could stop the operation of the whole broadcast domain as well as overload the network elements. The storm control mechanism is able to distinguish between the following Ethernet frame types: A broadcast frame having a broadcast destination MAC address, A multicast frame having a multicast destination MAC address, A unicast frame having an unknown destination MAC address for the MAC table. When the storm control mechanism is enabled on the interface, the network element monitors the frames received on the interface by counting the number of broadcast, unicast and multicast frames within onesecond interval. When the interface threshold is reached, all the incoming traffic of the considered type (broadcast, unicast or multicast) is dropped until the end of the current interval. However, the STP BPDU frames are the exception. These frames are always processed. The threshold is specified in frames (packets) per second for each type of traffic: broadcast, multicast and unicast. Each interface, having enabled storm control, has three control levels, which are used for the abovementioned types of traffic. Storm situations are printed out. In order to avoid many lines of listing on the screen, the message appears only after ten consecutive intervals of a storm situation. The message contains the interface where a storm is detected and the type of storm: broadcast, multicast or unicast. After a storm situation is absent for more than ten consecutive intervals, another message is displayed on the screen informing that the storm has stopped on the considered interface.
7.2
7.2.1
Default settings
Remote access filtering
Table 7-1: Default Remote access filtering settings Feature IP Address IP Mask Filtering Rule Index Default settings 0.0.0.0 0.0.0.0 0 (Table with filtering rules is empty. The connection is accepted from any host.)
7.2.2
Storm control
Table 7-2: Default Storm control settings Feature The storm-control functionality for selected type of traffic The storm-control threshold in frames (packets) per second for selected type of traffic Default settings Broadcast mode, multicast mode and unicast mode are disabled. Broadcast rate, multicast rate and unicast rate is set to zero. All the traffic types are suppressed. If the rate value is 250000, then there is no storm-control suppression for selected type of frames.
User guide (CLI)
103
7.3
7.3.1
Configuring remote access filtering

Creating a filtering rule
To create, accept or reject a filtering rule for IP address checking: Step 1 2 Mode (EV)# (EV)(Config)# Command configure remote access add <ip> <mask> accept|reject [<pos>] Purpose Enter configuration mode. Add a new filtering rule to the consecutive position pos, or to the start position. If the rule is inserted into the consecutive position, then all the other rules are shifted by one position downwards. It is possible to add up to 200 filtering rules. The implicit reject rule can be omitted by adding the following command in the last row of the table:(EV)# remote access add 0.0.0.0 0.0.0.0.0 accept Example: (EV)# configure (EV)(Config)# remote access add 0.0.0.0 0.0.0.0 accept (EV)(Config)# remote access add 2.3.4.5 255.255.255.255 reject (EV)(Config)# remote access add 1.2.3.4 255.255.255.255 accept
7.3.2
Removing a filtering rule
To remove the filtering rule from the table of rules: Step 1 2 Mode (EV)# (EV)(Config)# Command configure remote access remove [<pos>/all] Purpose Enter configuration mode. Remove the filtering rule from the consecutive position (pos), or remove the last filtering rule. If the filtering rule is removed, then all the other rules below will be shifted by one position upwards. This command also allows the simultaneous cancellation of all filtering rules.
Example: (EV)# configure (EV)(Config)# remote access remove all
104
User guide (CLI)
7.3.3
Displaying the table of filtering rules
The table of filtering rules is drawn up in the following form: Filtering Rule Index: IP Address/IP Mask -> [Accept | Reject] Filtering Rule Index: IP Address/IP Mask -> [Accept | Reject] <Implicit Reject> The filtering rule with index 1 is checked first, the filtering rule with index 2 is checked second, and so on, until the matched filtering rule is found, or until this search comes to the end of the table. To display the table that contains the filtering rules: Step 1 Mode (EV)# Command show remote access Purpose Display the table of filtering rules.
Example: (EV)# show remote access 1. 1.2.3.4/255.255.255.255-> accept 2. 2.3.4.5/255.255.255.255-> reject 3. 0.0.0.0/0.0.0.0-> accept
7.4
7.4.1
Configuring storm control

Enabling/disabling storm control for all interfaces
To enable or disable storm control for all interfaces: Step 1 2 Mode (EV)# (EV)(Config)# Command configure storm-control <traffic> all Purpose Enter configuration mode. Enable storm control for all interfaces. If the word no precedes the command, then storm control is disabled for all interfaces.
Example: (EV)# configure (EV)(Config)# storm-control broadcast all 7.4.2 Enabling/disabling storm control for one interface
To enable or disable storm control for one interface: Step 1 2 3 Mode (EV)# (EV)(Config) # (EV)(Interface x/x) # Command configure Interface <interface> storm-control <traffic> Purpose Enter configuration mode. Enter interface mode. Enable storm control for one interface. If the word no precedes the command, then storm control is disabled on selected interface.
User guide (CLI)
105
Example: (EV)# configure (EV)(Config)# interface 1/1 (EV)(Interface 1/1)# storm-control broadcast 7.4.3 Configuring threshold for all interfaces
To configure threshold for all interfaces: Step 1 2 Mode (EV)# (EV)(Config)# Command configure storm-control <traffic> all <rate> Purpose Enter configuration mode. Configure threshold for all interfaces. If the word no precedes the command, then storm control is disabled for all interfaces.
Example: (EV)# configure (EV)(Config)# storm-control broadcast all rate 1000 7.4.4 Configuring threshold for one interface
To configure threshold for one interface: Step 1 2 3 Mode (EV)# (EV)(Config) # (EV)(Interface x/x)# Command configure interface <interface> storm-control <traffic> rate <rate> Purpose Enter configuration mode. Enter interface mode. Configure threshold for one interface. If the word no precedes the command, then storm control is disabled for all interfaces.
Example: (EV)# configure (EV)(Config)# interface 1/1 (EV)(Interface 1/1)# storm-control broadcast rate 1000 7.4.5 Show storm control state for all interfaces
To show the storm control state for all interfaces: Step 1 Mode (EV)# Command show storm-control all Purpose Display storm control state of all interfaces.
106
User guide (CLI)
Example: (EV)# show storm-control all Bcast Bcast Mode Rate ---------Disable 1000 Disable 1000 Mcast Mcast Mode Rate --------Disable 1000 Disable 1000 Ucast Ucast Mode Rate --------Disable 1000 Disable 1000
Intf ----0/1 0/2 7.4.6
Show storm control state for one interface
To show storm control state for a single interface: Step 1 2 3 Mode (EV)# (EV)(Config) # (EV)(Interface x/x)# Command configure interface <interface> show storm-control <interface> Purpose Enter configuration mode. Enter interface mode. Display storm control for a single interface.
Example: (EV)# configure (EV)(Config)# interface 1/1 (EV)(Interface 1/1)# show storm-control 1/1 Bcast Bcast Intf Mode Rate ----- ---------0/1 Disable 1000 Mcast Mcast Mode Rate --------Disable 1000 Ucast Ucast Mode Rate --------Disable 1000
8
8.1
ACL configuration
Configuring ACL
This chapter describes how to configure ACL. All configuration guides are shown as the Iskratel MSAN system, consisting of a VDSL2 and an Ethernet switch blade. This chapter consists of these sections: Understanding ACL Default ACL settings Best practice examples of: L2 ACL L3-L4 ACL Advanced ACL Displaying proper ACL information
User guide (CLI)
107
8.1.1
nderstanding ACL
The product makes it possible to define both input and output filters for an individual interface. After being installed, the filter is used on each packet that leaves the device or enters it over an interface. Filters are installed in two steps. In step one, a filter is defined and it gets a name; in step two, such a filter is installed either on an interface input or output. The filter can be installed in any number of locations. If several filters are installed on an interface, the packet first goes in a sequence over the chain of rules of static filters. If it is caught by one of the rules in filters, an appropriate action (accept/drop) is performed if it does not go through dynamic filters installed on the interface. The implicit deny is at the end of the chain. The following types of ACL are supported: L2 ACL L3-L4 ACL Advanced ACL (mixed) All types of ACL can be attached in the ingress and egress direction on user ports. User ports are ports on the EV blade 0/1 to 0/32.
Note: ACLs (Access lists) can also be called filters.
8.1.2
Configuring L2 ACL on user ports
This example shows how to attach ACL to a user port.
Note: User ports are more capable than uplink ports.
There is no ACL attached to the interface by default. 8.1.2.1 Prerequisites
Client PC Server PC Traffic can pass from a Client PC to a Server PC.
108
User guide (CLI)
8.1.2.2
Network datagram
Figure 8-1 shows a sample network for ACL and points where appropriate network features will be configured.
Telnet server
SI 3000 MSAN
b.
0/1

a.
0/2 Modem
a. b. Client (access) port uplink port
0/3
User
Figure 8-1: Sample network topology for ACL tests
8.1.2.3
Data plan
Table 8-1: L2 ACL data plan Item Server PC User PC Ethernet switch VDSL2 blade Data MAC address: 00:11:11:11:11:11 MAC address: 00:22:22:22:22:22 Uplink port: 0/1 EV port: 1/1 Client port: 0/2 Network port: 1/1 ACL number: 1
User guide (CLI)
109
8.1.2.3.1
This example shows how to configure the Ethernet switch blade as shown in Figure 8-1. No special configuration is needed. Result: All ports are configured to pass traffic unchanged. 8.1.2.3.2 Configuring the VDSL2 blade
This example shows how to configure VDSL2 blade as shown in Figure 8-1. Step 1 2 3 4 Mode (EV) # (EV) (Config)# (Config-mac-access-list)# (Config-mac-access-list-deny)# Command configure mac access-list extended deny dstmac 00:11:11:11:11:11 FF:FF:FF:FF:FF:FF exit permit exit exit interface 0/2 mac access-group in exit exit save config Purpose Enter configuration mode Enter mac access list Enter mac access list deny Deny all traffic heading to server mac 00:11:11:11:11:11 Exit mac access list deny Permit everything else Exit mac access list permit Exit mac access list Enter interface 0/2 Attach access list in ingress Exit interface 0/2 Exit configuration mode Save configuration
5 6 7 8 9 10 11 12 13
(Config-mac-access-list-deny)# (Config-mac-access-list)# (Config-mac-access-list-permit)# (Config-mac-access-list)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) #
Result: Ports 0/2 is configured to filter traffic passing in the upstream direction. The user cannot access the server. Note: The last statement in ACL is always DENY. You can override this behavior by issuing last statement PERMIT every.
8.1.2.3.3
Displaying VDSL2 ACL information extended Direction --------inbound
Iskratel switching#show mac access-list MAC ACL Name Rules ------------------------------- ----block-server 3
Interface(s) ------------------------0/2;
Iskratel switching#show mac access-list extended block-server MAC ACL Name: block-server Rule Number: 1 Action......................................... deny
110
User guide (CLI)
Destination MAC address........................ 00:11:11:11:11:11 Destination MAC mask........................... FF:FF:FF:FF:FF:FF Rule Number: 2 Action......................................... permit Rule Number: 3 Action......................................... deny
8.1.3
Configuring user ports L3-L4 ACL
This example shows how to attach ACL to a user port.
Note: User ports are more capable than uplink ports.
There is no ACL attached to the interface by default. 8.1.3.1 Prerequisites
Client PC Server PC Traffic can pass from the Client PC to the Server PC.
User guide (CLI)
111
8.1.3.2
Network datagram
Figure 8-2 shows a sample network for ACL and points where appropriate network features will be configured.
Telnet server
SI 3000 MSAN
b.
0/1

a.
0/2 Modem
a. b. Client (access) port uplink port
0/3
User
Figure 8-2: Sample network topology for L3-L4 ACL tests
8.1.3.3
Data plan
Table 8-3: L3-L4 ACL data plan Item Server PC User PC Ethernet switch VDSL2 blade Data IP address: 192.168.10.254/24 Telnet port: 23 IP address: 192.168.10.1/24 Uplink port: 0/1 EV port: 1/1 Client port: 0/2 Network port: 1/1 ACL number: 1
112
User guide (CLI)
8.1.3.3.1
This example shows how to configure an Ethernet switch blade as shown in Figure 8-2. No special configuration is needed. Result: All ports are configured to pass traffic unchanged. 8.1.3.3.2 Configuring the VDSL2 blade
This example shows how to configure the VDSL2 blade as shown in Figure 8-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Mode (EV) # (EV) (Config)# (Config-ip-access-list-extended)# (Config-ip-access-list-extendeddeny)# (Config-ip-access-list-extendeddeny)# (Config-ip-access-list-extended)# (Config-ip-access-list-extendedpermit)# (Config-ip-access-list-extended)# (EV) (Config)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) # Command configure access-list 101 deny dstip 192.168.10.254 255.255.255.255 exit permit exit exit interface 0/2 ip access-group 101 in exit exit save config Purpose Enter configuration mode Enter IP access list Enter IP access list deny Deny all traffic heading to server ip 192.168.10.254 Exit IP access list deny Permit everything else Exit IP access list permit Exit IP access list Exit config mode Enter interface 0/2 Attach ACL in ingress direction Exit interface 0/2 Exit configuration mode Save configuration
Result: Port 0/2 is configured to filter traffic passing in the upstream direction. The user cannot access the server. Note: The last statement in ACL is always DENY. You can override this behavior by setting every last statement as PERMIT.
8.1.3.3.3
Displaying VDSL2 ACL information
Iskratel switching#show ip access-list ACL ID Rules Direction Interface(s) ------ ----- --------- ------------------------101 2 inbound 0/2;
Iskratel switching#show ip access-list 101 IP ACL ID: 101
User guide (CLI)
113
Rule Number: 1 Action......................................... deny Destination IP address......................... 192.168.10.254 Destination IP mask............................ 255.255.255.255 Rule Number: 2 Action......................................... permit
Configuring Quality of Service
This chapter describes how to configure Quality of service mechanisms with all its manipulations, variants and possibilities. All configuration guides are shown as Iskratel MSAN system, consisting of VDSL2 and Ethernet switch blade. This chapter consists of these sections: Understanding Quality of service Best practice examples of: o QoS trust zones (inc. L2 & L3) o Egress queuing using LLQ algorithm o Differentiated services Any incoming traffic -> marked to L2 COS and policed L2 traffic incoming ->some traffic dropped other redirected to new egress interface & part shaped in downstream direction Part of L3 traffic interested ->some marked with L3 DSCP & policed, other passed Typical 3ply traffic -> traffic types are recognized , marked with L3 preferred values, policed in upstream to different values if needed & shaped in downstream o Traffic egress shaping o WRED example Displaying proper QoS information
9.1
Understanding Quality of Service
A communications network forms the backbone of any successful organization. These networks transport a variety of applications and data, including high-quality video and delay-sensitive data such as voip. The bandwidth-intensive applications stretch network capabilities and resources, but also complement, add value, and enhance every business process. Networks must provide secure, predictable, measurable, and sometimes guaranteed services. Achieving the required Quality of Service (QoS) by managing the delay, delay variation (jitter), bandwidth, and packet loss parameters on a network becomes the secret to a successful end-to-end business solution. Thus, QoS is the set of techniques to manage network resources. VDSL2 blade successfully overcome problems, that can arise if bandwidth in not fairly distributed between applications, if some traffic must be prioritized or limited. Blade uses Differentiated Services model, which is often used to represent QoS functionality in its needed steps in combination with superior packet buffer lengths. This combination provides excellent QoS support in the access layer.
Note: For more information about Differentiated Services see RFC 2475.
114
User guide (CLI)
Blade can manage L2, L3 QoS mechanisms and some information in L4 layer can also be used.
Note: Blade has superior packet buffer support, so large traffic bursts are handled.
9.2
Default QoS settings
Table 9-1: Default QoS settings Feature Trust zones DiffServ Class-maps Policy-maps COS/CSC mapping No. of queues per interface Queuing algorithm Queue sizes Policing Shaping Table 9-2: Default Cos/CSC mapping COS/CSC 0 1 2 3 4 5 6 7 Queue number 0 1 2 3 4 5 6 7 Default Setting Disabled Enabled None None See table below 8 Strict 32 frames Disabled Disabled
9.3
Configuring trust zones
This example shows how to use trust zones within quality of service. The concept of trust zones is an important and integral part of deploying QoS in network. Once the end devices have set QoS values & marks, the VDSL2 blade has the option of trusting them or not. If the VDSL2 blade trusts QoS values, it does not need to do any reclassification; if it does not trust the values, then it must reclassify the traffic for appropriate QoS policy. By default, trust zones on product are in untrust mode.
Note: Trust mode can be set to: untrusted, dot1.p (default) and ip-dscp.
9.3.1
Prerequisites
In the network exist traffic generator, which is generating traffic with proper COS and CSC values The configuration is a default, line profiles are at default values
User guide (CLI)
115
9.3.2
Network datagram
Figure 9-1 shows a sample network for QoS trust zones and points where proper network features will be configured.
Traffic generator
SI3000 MSAN
0/1

a.
0/2
0/3
Modem
a. Trusted device b. Untrusted device
a.
b.
User1
User2
Figure 9-1: Sample network topology for QoS trust zones tests
Cos marked traffic
Cos marked or remarked traffic based on trust rules
116
User guide (CLI)
9.3.3
Data plan
Table 9-3: QoS trust zones data plan Item Upstream port Traffic source Users Data 0/1 ES 1/1 VDSL2 One traffic generator providing unicast traffic to user1 & user2 in VLAN 10 xDsl port 0/2 and 0/3 Unicast VLAN: 10, named as Data, traffic is marked with COS values of 5
9.3.3.1
Configuring the Ethernet switch blade unicast traffic as shown in Figure Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Enter Interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
This example shows how to configure Ethernet switch blade to pass 9-1. Step Mode Command 1 (ES) # vlan database 2 (ES)(vlan_database) # vlan name Data 10 3 (ES)(vlan_database) # exit 4 (ES) # configure interface 0/1 5 (ES) (Config)# vlan partipacation include 10 6 (ES) (Interface 0/1)# vlan tagging 10 7 (ES) (Interface 0/1)# exit 8 (ES) (Interface 0/1)# interface 1/1 9 (ES) (Config)# vlan partipacation include 10 10 (ES) (Interface 1/1)# vlan tagging 10 11 (ES) (Interface 1/1)# exit 12 (ES) (Interface 1/1)# exit 13 (ES) (Config)# write mem 14 (ES) #
Result: Unicast traffic in VLAN 10 can now pass Ethernet ES blade, so next thing to do is configure VDSL2 blade. 9.3.3.2 Configuring the VDSL2 blade
This example shows how to configure VDSL2 blade to pass unicast traffic in VLAN 10 include two users and properly set trust rules as shown in Figure 9-1. Step 1 2 3 4 5 6 7 8 9 10 11 Mode (EV) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# Command vlan database vlan name Data 10 exit configure interface 1/1 vlan partipacation include 10 vlan tagging 10 exit interface 0/2 vlan partipacation include 10 vlan tagging 10 Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Enter Interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface
User guide (CLI)
117
12 13 14 15 16 17 18 19
(EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) (Interface 0/3)# (EV) (Interface 0/3)# (EV) (Interface 0/3)# (EV) (Config)# (EV) #
classofservice trust dot1p exit interface 0/3 vlan partipacation include 10 vlan tagging 10 exit exit write mem
Trust on interface is set to dot1.p (COS) bits Exit interface 0/2 Enter interface 0/3 Add VLAN 10 on interface Set tagging rules on interface Exit interface 0/3 Exit configuration mode Save configuration
Result: User1 & user2 send unicast traffic towards server with VLAN 10 and COS values of 5. When traffic is received on VDSL2 blade, trust rules are checked. User1, which is connected to port 0/2 is treated as trusted device, so COS mark will be accepted and prioritization rules will be done base on received traffic. This traffic with COS 5 will be put in egress queue 5 and sent towards. User2 is in the other hand connected to untrusted port. When traffic from user is received on blade marked with COS 5, this mark will be ignored (not considered in QoS mechanisms) and set to default value of COS 0.
9.4
Configuring egress queuing using LLQ algorithm
This example shows how to use egress algorithms (in this particular case LLQ, which is combination of strict and WRR algorithm) within quality of service. Proper egress queue debufering strategy is crucial for prioritization traffic flows. Flows with low latency and constant bandwidth demand should be first served so should be first transmitted throe interface. When dealing with 3ply traffic on blade, LLQ is best debufering method. Real time traffic a.k.a VoIP is placed in strict priority queue, all other traffic in WRR queues with modified weights.
Note: Egress queuing can be set per port with possible modes from strict, WRR and LLQ.
9.4.1
Prerequisites
In the network exist traffic generator, which is generating 3ply traffic with proper COS or CSC values The configuration is a default, line profiles are at default values
118
User guide (CLI)
9.4.2
Network datagram
shows a sample network for QoS egress queuing strategies and points where proper network features will be configured.
SI3000 MSAN
0/1
a.
Ethernet switch
1/1 1/1 VDSL2 blade

b.
0/2
Modem
a. Trusted device Trust device 8 b. egress queues
User1
Figure 9-2: Sample network topology for QoSQoS egress queuing strategies tests 9.4.3 Data plan
Table 9-4: QoS egress queuing strategies plan Item Upstream port Traffic source Data 0/1 ES 1/1 VDSL2 One traffic generator providing unicast traffic to user1 in VLAN 10 add different COS values. Volume of traffic generated must be greater then dsl line speed. xDsl port 0/2 Unicast VLAN: 10, sent towards server just for MAC learning reasons
Users
Traffic sent is marked with COS 3, COS4 and COS5
User guide (CLI)
119
9.4.3.1
This example shows how to configure Ethernet switch blade to pass unicast traffic as shown in Figure 9-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Mode (ES) # (ES)(vlan_database) # (ES)(vlan_database) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan name Data 10 exit configure interface 0/1 vlan partipacation include 10 vlan tagging 10 exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit exit write mem Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Enter Interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Unicast traffic in VLAN 10 can now pass Ethernet ES blade, so next thing to do is configure VDSL2 blade. * ES has by default set trusting to do1.p. 9.4.3.2 Configuring the VDSL2 blade
This example shows how to configure VDSL2 blade to pass unicast traffic in VLAN 10 include user in VLAN 10, set trust to dot1.p and manage egress queuing strategy as shown in Figure 9-2. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Mode (EV) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) # Command vlan database vlan name Data 10 exit configure classofservice trust dot1p interface 1/1 vlan partipacation include 10 vlan tagging 10 exit interface 0/2 vlan partipacation include 10 vlan tagging 10 cos-queue wrr-weights 1 1 1 5 10 111 cos-queue strict 6 exit exit write mem Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Set globaly trust to dot1.p Enter Interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Set WRR weights on egress queues Set strict algorithm on queue where COS 5 will be debuffred Exit interface 0/2 Exit configuration mode Save configuration
120
User guide (CLI)
Result: User1 is receiving traffic in VLAN 10. When volume of traffic is over dsl speed some traffic will be lost. In this case traffic with COS 5 mark has top priority and it is debuffered in strict order. If some dsl bandwith is free COS 3 and COS 4 traffics will be debuffered in a WRR way with ration (in packet scenar io 5/10, because of weights).
9.5
Configuring differentiate services: Any incoming traffic -> classified, marked to new L2 COS values and policed
This example shows how to use differentiate services within quality of service. Case predicts that all incoming traffic from subscribers site is untrusted, it is classified by rules and marked with proper COS values. One of traffic patterns is limited (policed). Differentiate service model for providing QoS policy offers flexible methods for classifying traffic (from L2 L4 packet informations) and then doing actions (like marking, policing, redirecting, dropping, etc.) on it.
Note: Differentiate services can use packet information from L2 up to L4 for classification.
9.5.1
Prerequisites
In the network exist traffic generator, which is responding to traffic sent from users site. In this case traffic is always sent in unicast way. The configuration is a default, line profiles are at default values
User guide (CLI)
121
9.5.2
Network datagram
Figure 9-3 shows a sample network for implementing differentiate services policy and points where proper network features will be configured.
SI3000 MSAN
0/1
a.
Ethernet switch
1/1 1/1 VDSL2 blade

b.
0/2
Unclassified traffic, sent in VLAN 10 and untagged
User1
Modem
a. Trusted device Differentiate services b. point
Figure 9-3: Sample network topology for differentiate services tests
9.5.3
Data plan
Table 9-5: DiffServ plan Item Upstream port Traffic source Users Data 0/1 ES 1/1 VDSL2 One traffic generator providing unicast traffic to user1 in VLAN 10 & VLAN 11. xDsl port 0/2 Unicast traffic sent in VLAN: 10 and in untagged mode
Traffic sent because of MAC learning
122
User guide (CLI)
9.5.3.1
This example shows how to configure Ethernet switch blade to pass unicast traffic as shown in Figure 9-3. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Mode (ES) # (ES)(vlan_database) # (ES)(vlan_database) # (ES)(vlan_database) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan name Data 10 vlan name Data1 11 exit configure interface 0/1 vlan partipacation include 10 vlan tagging 10 vlan partipacation include 11 vlan tagging 11 exit interface 1/1 vlan partipacation include 10 vlan tagging 10 vlan partipacation include 11 vlan tagging 11 exit exit write mem Purpose Enter VLAN database Add VLAN 10 with name Data Add VLAN 11 with name Data1 Exit vlan database Enter configuration mode Enter Interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 11 on interface Set tagging rules on interface Exit Interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 11 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
Result: Unicast traffic in VLAN 10 and VLAN 11 can now pass Ethernet ES blade, so next thing to do is configure VDSL2 blade. 9.5.3.2 Configuring the VDSL2 blade
This example shows how to configure VDSL2 blade to pass unicast traffic in VLAN 10 include user in VLAN 10, mark untag traffic with VLAN1 1 and set DiffServ rules as shown in Figure 9-3. Step 1 2 3 4 5 6 7 8 9 10 11 Mode (EV) # (EV)(vlan_database) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Config)# (EV) (Config)(Configclassmap)# (EV) (Config)(Configclassmap)# (EV) (Config)# (EV) (Config)(Configclassmap)# Command vlan database vlan name Data 10 vlan name Data1 11 exit configure classofservice trust dot1p class-map match-all Match_VLAN_10 match vlan 10 exit class-map match-all Match_VLAN_11 match vlan 11 Purpose Enter VLAN database Add VLAN 10 with name Data Add VLAN 11 with name Data1 Exit vlan database Enter configuration mode Set globaly trust to dot1.p Class-map for defined for dropping Class map action: match Exit class map Class-map for defined for dropping Class map action: match
User guide (CLI)
123
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
(EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-map)# (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) #
exit police-map VLAN10_11 in class Match_VLAN_10 mark cos 3 police-two-rate 1000 10 1000 10 transmit drop exit class Match_VLAN_11 mark cos 5 police-two-rate 5000 10 5000 10 transmit drop exit exit interface 1/1 vlan partipacation include 10 vlan tagging 10 vlan partipacation include 11 vlan tagging 11 exit interface 0/2 vlan partipacation include 10 vlan tagging 10 vlan partipacation include 11 no vlan tagging 11 vlan pvid 11 service policy in VLAN10_11 exit exit write mem
Policy map for user1 & traffic in VLAN 10 For class Match_VLAN_10 marking & policing will be done Action declared mark VLAN 10 traffic with cos 3 Action declared limit VLAN10 traffic to 1Mb/s Exit policy-class-map For class Match_VLAN_11 marking & policing will be done Action declared mark VLAN 11 traffic with cos 5 Action declared limit VLAN10 traffic to 5Mb/s Exit policy-class-map Exit policy map
Add VLAN 10 on interface Set tagging rules on interface Add VLAN 11 on interface Set tagging rules on interface Exit Interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Add VLAN 11 on interface Set tagging rules on interface Set VLAN PVID on interface Attach service policy in ingress site Exit interface 0/2 Exit configuration mode Save configuration
Result: When user1 sent traffic in VLAN 10 & in untagged fashion, traffic in VLAN 10 will be marked with COS value of 3 and policed to 1Mb/s. Untagged traffic will be first marked with VLAN11, then marked with COS value of 5 and policed to 5Mb/s.
9.6
L2 traffic incoming ->some traffic dropped some redirected to new egress interface other transmitted & part shaped in downstream direction
This example shows how to use differentiate services within quality of service. Case predicts that all incoming traffic is considered only by L2 parameters. Part of incoming traffic (received by subscriber side) is dropped; some is redirected to new egress interface (for the analyzing purposes) and shaped in downstream direction. Differentiate service model for providing QoS policy offers flexible methods for classifying traffic (from L2 L4 packet informations) and then doing actions (like marking, policing, redirecting, dropping, etc.) on it.
124
User guide (CLI)
Note: Differentiate services can be used in upstream and downstream way.
9.6.1
Prerequisites
In the network exist traffic generator, which is responding to traffic sent from users site. In this case traffic is always sent in unicast way. The configuration is a default, line profiles are at default values 9.6.2 Network datagram
SI3000 MSAN
0/1
a.
Ethernet switch
1/1 1/1 VDSL2 blade

b.
0/2
0/3
Unclassified traffic, sent in VLAN 10
Modem
Part of traffic dropped Part of traffic redirected User1 Analyzer
Figure 9-4: Sample network topology for differentiate services tests 9.6.3 Data plan
Table 9-6: DiffServ plan Item Upstream port Traffic source Users Data 0/1 ES 1/1 VDSL2 One traffic generator providing unicast traffic to user1 in VLAN 10 xDsl port 0/2 & 0/3 Unicast traffic sent in VLAN 10
Traffic sent towards User1
User guide (CLI)
125
9.6.3.1
This example shows how to configure Ethernet switch blade to pass unicast traffic as shown in Figure 9-4. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Mode (ES) # (ES)(vlan_database) # (ES)(vlan_database) # (ES) # (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan name Data 10 exit configure interface 0/1 vlan partipacation include 10 vlan tagging 10 exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit exit write mem Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Enter Interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
This example shows how to configure VDSL2 blade to pass unicast traffic in VLAN 10 include user in VLAN 10, drop & redirect some traffic and set DiffServ rules as shown in Figure 9-4. Step 1 2 3 4 5 6 Mode (EV) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Config)(Configclassmap)# (EV) (Config)(Configclassmap)# (EV) (Config)(Configpolicy-map)# EV) (Config)(Configclassmap)# (EV) (Config)(Configclassmap)# (EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# Command vlan database vlan name Data 10 exit configure class-map match-all redirect match source-address mac 00:aa:aa:aa:aa:aa 00:aa:bb:bb:bb:bb exit class-map match-all drop match cos 7 exit police-map User1 in class redirect redirect 0/3 exit Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Class-map for defined for redirect traffic Class map action: match
7 8 9 10 11 12 13 14
Exit class-map Class-map for defined for dropping Class map action: match Exit class-map Police map for user1 (defined for upstream traffic) For class redirect redirect action will be done Action declared redirect all mached traffic Exit policy-class-map
126
User guide (CLI)
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
(EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Config)# (EV) (Interface 0/3)# (EV) (Interface 0/3)# (EV) (Interface 0/3)# (EV) (Config)# (EV) #
class drop drop exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit interface 0/2 vlan partipacation include 10 vlan tagging 10 service policy in User1 traffic shape 5000 interface 0/3 vlan partipacation include 10 vlan tagging 10 exit exit write mem
For class drop drop action will be done Action declared drop all mached traffic Exit policy-class-map Enter Interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Attach service policy in ingress site All traffic sent towards user1 will be shapped to 5000kbits Enter interface 0/3 Add VLAN 10 on interface Set tagging rules on interface Exit interface 0/3 Exit configuration mode Save configuration
Result: When User1 will sent traffic towards network and this traffic will be in range of 00:aa:aa:aa:aa:aa 00:aa:bb:bb:bb:bb, traffic will be redirected to interface 0/3. If traffic in VLAN 10 & cos 7 is received on same user port (sent by user1) this traffic will be droped. Everything else is passed. In downstream direction all traffic flows sent towards user 1 will be shaped to 5Mb/s.
9.7
Part of L3 traffic interested ->some marked with L3 DSCP & policed, other passed
This example shows how to use differentiate services within quality of service. Part of incoming traffic (received by subscriber side) is marked with L3 DSCP values and policed, other passed. Differentiate service model for providing QoS policy offers flexible methods for classifying traffic (from L2 L4 packet informations) and then doing actions (lik e marking, policing, redirecting, dropping, etc.) on it.
Note: When dealing with L2 & L3 QoS marks, whole path must be in awareness for this QoS bits. 9.7.1 Prerequisites
In the network exist traffic generator, which is responding to traffic sent from users site. In this case traffic is always sent in unicast way. The configuration is a default, line profiles are at default values
User guide (CLI)
127
9.7.2
Network datagram
SI3000 MSAN
0/1
a.
Ethernet switch
1/1 1/1 VDSL2 blade

b.
0/2
User1
Modem
Figure 9-5: Sample network topology for differentiate services tests
128
User guide (CLI)
9.7.3
Data plan
Table 9-7: DiffServ plan Item Upstream port Traffic source Users Data 0/1 ES 1/1 VDSL2 One traffic generator providing unicast traffic to user1 in VLAN 10 xDsl port 0/2 Unicast traffic sent in VLAN 10
9.7.3.1
This example shows how to configure Ethernet switch blade to pass unicast traffic as shown in Figure 9-5. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Mode (ES) # (ES)(vlan_database) # (ES)(vlan_database) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan name Data 10 exit configure classofservice trust dscp interface 0/1 vlan partipacation include 10 vlan tagging 10 exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit exit write mem Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Trust mode is in a dscp mode Enter Interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
This example shows how to configure VDSL2 blade to pass unicast traffic in VLAN 10 include user in VLAN 10, drop & redirect some traffic and set DiffServ rules as shown in Figure 9-5. Step 1 2 3 4 5 6 7 Mode (EV) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Config)(Configclassmap)# (EV) (Config)(Configclassmap)# Command vlan database vlan name Data 10 exit configure class-map match-all TCP match protocol tcp exit Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Class-map for defined for redirect traffic Class map action: match all TCP traffic Exit class-map
User guide (CLI)
129
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
(EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/3)# (EV) (Config)# (EV) #
police-map mark_police in class TCP mark ip-dscp 41 police-two-rate 1000 10 2000 20 transmit drop exit exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit interface 0/2 vlan partipacation include 10 vlan tagging 10 service policy in TCP exit exit write mem
Police map for user1 (defined for upstream traffic) For class TCP marking & dropping actions will be done Action declared mark TCP traffic to new DSCP values Action declared limit TCP traffic to 1Mb/s 2M/s Exit policy-class-map Exit Class map Enter Interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Attach service policy in ingress site Exit interface 0/3 Exit configuration mode Save configuration
Result: When user1 sent TCP traffic towards network, this traffic will be marked with DSCP value of 41 and policed by two rate policer to 1-2Mb/s. All other traffic is passed unlimited and unmarked. 9.8 Typical 3ply traffic -> traffic types are recognized, marked with L3 preferred values, policed in upstream to different values if needed & shaped in downstream
This example shows how to use differentiate services within quality of service. Part of incoming traffic (received by subscriber side) is marked with L3 DSCP values and policed, other passed. Differentiate service model for providing QoS policy offers flexible methods for classifying traffic (from L2 L4 packet informations) and then doing actions (like marking, policing, redirecting, dropping, etc.) on it. Note: When dealing with 3ply traffic, best strategy is to use trust zones at access site. All received traffic from subscriber site is treated as untrusted, so QoS policy is done on access ports. 9.8.1 Prerequisites
In the network exist traffic generator, which is responding to traffic sent from users site. In this case traffic is always sent in unicast way. The configuration is a default, line profiles are at default values Traffic Data Data Video Video Direction Upstream Downstream Upstream Downstream Tagged/marked VLAN Tagged/ no QoS marked VLAN Tagged/ DSCP marked VLAN tagged /COS marked VLAN Tagged/ DSCP marked Action Mark to DSCP value, police to 1Mb/s, maximum bursts allowed Shaped to 5Mb/s, best effort queue Mark to DSCP value, police to 100kb/s, minimum bursts allowed Unlimited bandwidth, real time queue
130
User guide (CLI)
VoIP VoIP Modem mng Modem mng 9.8.2
Upstream Downstream Upstream Downstream
VLAN Tagged/ COS marked VLAN Tagged/ DSCP marked Untagged/ no QoS marked VLAN Tagged/ DSCP marked
Mark to DSCP value, police to 150kb/s Policed to 150kb/s, most priority queue, strict Add mng VLAN, mark to appropriate DSCP value Remove VLANs
Network datagram
SI3000 MSAN
0/1
a.
Ethernet switch
1/1 1/1 VDSL2 blade

b.
0/2
User1
Modem
Figure 9-6: Sample network topology for differentiate services tests in 3ply scenarios
User guide (CLI)
131
9.8.3
Data plan
Table 9-8: DiffServ plan for 3ply traffics Item Upstream port Traffic source Users Data 0/1 ES 1/1 VDSL2 One traffic generator providing unicast traffic to user1 in VLAN 10 xDsl port 0/2 Unicast traffic sent in VLAN 10
9.8.3.1
This example shows how to configure Ethernet switch blade to pass unicast traffic as shown in Figure 9-6. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Mode (ES) # (ES)(vlan_database) # (ES)(vlan_database) # (ES) # (ES) (Config)# (ES) (Config)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Interface 0/1)# (ES) (Config)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Interface 1/1)# (ES) (Config)# (ES) # Command vlan database vlan name Data 10 exit configure classofservice trust dscp interface 0/1 vlan partipacation include 10 vlan tagging 10 exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit exit write mem Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Trust mode is in a dscp mode Enter Interface 0/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 0/1 Enter interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit interface 1/1 Exit configuration mode Save configuration
This example shows how to configure VDSL2 blade to pass unicast traffic in VLAN 10 include user in VLAN 10, dropp & redirect some some traffic and set DiffServ rules as shown in Figure 9-6. Step 1 2 3 4 5 6 7 Mode (EV) # (EV)(vlan_database) # (EV)(vlan_database) # (EV) # (EV) (Config)# (EV) (Config)(Configclassmap)# (EV) (Config)(Configclassmap)# Command vlan database vlan name Data 10 exit configure class-map match-all TCP match protocol tcp exit Purpose Enter VLAN database Add VLAN 10 with name Data Exit vlan database Enter configuration mode Class-map for defined for redirect traffic Class map action: match all TCP traffic Exit class-map
132
User guide (CLI)
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
(EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-map)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)(Configpolicy-classmap)# (EV) (Config)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Interface 1/1)# (EV) (Config)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/2)# (EV) (Interface 0/3)# (EV) (Config)# (EV) #
police-map mark_police in class TCP mark ip-dscp 41 police-two-rate 1000 10 2000 20 transmit drop exit interface 1/1 vlan partipacation include 10 vlan tagging 10 exit interface 0/2 vlan partipacation include 10 vlan tagging 10 service policy in TCP exit exit write mem
Police map for user1 (defined for upstream traffic) For class TCP marking & dropping actions will be done Action declared mark TCP traffic to new DSCP values Action declared limit TCP traffic to 1Mb/s 2M/s Exit policy-class-map Enter Interface 1/1 Add VLAN 10 on interface Set tagging rules on interface Exit Interface 1/1 Enter interface 0/2 Add VLAN 10 on interface Set tagging rules on interface Attach service policy in ingress site Exit interface 0/3 Exit configuration mode Save configuration
Result: When user1 sent TCP traffic towards network, this traffic will be marked with DSCP value of 41 and policed by two rate policer to 1-2Mb/s. All other traffic is passed unlimited and unmarked.
10 System management configuration

This chapter describes how to manage the system configuration. This chapter consists of these sections: Understanding Default settings Configuring DHCP Client Configuring SNTP Diagnosis Connectivity Problems Managing the MAC address table
10.1 Understanding
10.1.1 DHPC client Dynamic Host Configuration Protocol (DHCP) is of the client-server type. The client is running on a VDSL2 blade. The DHCP client sends the servers the requirements that include certain device type and software version data that are specific to the client. On the basis of these data, the server assigns the required configuration parameters and sends them to the client in its response. 10.1.2 SNTP Simple Network Time Protocol (SNTP) is a less complex implementation of NTP, using the same protocol but without requiring the storage of state over extended periods of time.
User guide (CLI)
133
10.1.3 Diagnosis connectivity problems Traceroute The traceroute feature allows the VDSL2 blade to identify the physical path that a packets actually take when traveling to their destination through the network on a hop-by-hop basis. The <ipaddr> value should be a valid IP address. The [<port>] value should be a valid decimal integer in the range of 0 (zero) to 65535. The optional port parameter is the UDP port used as the destination of packets sent as part of the traceroute. This port should be an unused port on the destination system. Ping The VDSL2 blade supports IP ping, which you can use to test connectivity to remote hosts. Ping sends an echo request packet to an address and waits for reply. 10.1.4 Aging time To effectively realize the aging function of MAC addresses, you need to configure the aging time. If a device has not transmitted any packet during the period which is the one to double of the aging time, the MAC address is deleted from the MAC address table.
10.2 Default settings

10.2.1 Traceroute Table 10-1: Default traceroute settings Feature traceroute 10.2.2 Aging time Table 10-2: Default aging time settings Feature bridge aging-time Default setting 300 Default setting 33434 (for port)
10.3 Configuring DHCP Client

10.3.1 Configuring the DHCP Client This operation enables DHCP client functionality in general. You can only turn on DHCP client by this command. If you try to turn off client manually (network protocol none) you will get warning: You must set the network parameters for turning DHCP client off!. If you are going to turn off client you have to set network parameters, than automatically DHCP client will be turned off. DHCP client is enabled by default. To configure the DHCP Client: Step 1 Mode (EV)# Command network protocol <none | dhcp> Purpose Configure the DHCP client .
Example: (EV)# network protocol dhcp
134
User guide (CLI)
10.3.2 Configuring the network parameters To configure the network parameters: Step 1 Mode (EV)# Command network parms<ipaddr> <netmask> Purpose Configure the network parameters of the router (IP address and subnet mask).
Example: (EV)# network parms 10.10.10.1 255.255.255.0
Note: Using this command will turn DHCP client OFF automatically!
10.3.3 Configuring the management VLAN ID To configure the management VLAN ID: Step 1 Mode (EV)# Command network mgmt_vlan <1-4094> Purpose Configure the management VLAN ID.
Example: (EV)# network mgmt_vlan 2 10.3.3.1 Displaying status of the network To display status of the network: Step 1 Mode (EV)# Command show network Purpose Display status of the network.
Example: (EV)# show network IP Address..................................... Subnet Mask.................................... Burned In MAC Address.......................... Management VLAN ID............................. Network Configuration Protocol................. 172.18.131.53 255.255.255.224 00:D0:50:5A:07:3F 1 DHCP
10.4 Configuring SNTP

10.4.1 Configuring the SNTP server To configure the SNTP Server: Step 1 Mode (EV)# Command sntp server <ipaddress> Purpose Configure the SNTP Server.
User guide (CLI)
135
Example: (EV)# sntp server 172.18.133.37
10.4.1.1 Displaying SNTP settings To display SNTP settings : Step 1 Mode (EV)# Command show sntp Purpose Display SNTP settings.
Example: (EV)# show sntp
Thu May 6 09:49:32 CEST 2010 SNTP servers:
10.5 Diagnosis connectivity problems

10.5.1 Displaying traceroute To display traceroute: Step 1 Mode (EV) # Command traceroute <ipaddr> [<port>] Purpose Display traceroute.
Example: (EV)# traceroute 172.26.2.1 10.5.2 Executing ping To execute ping: Step 1 Mode (EV) # Command ping <ipaddr> Purpose Ping a remote host through IP.
Example: (EV)# ping 172.18.131.54 (EV)# ping 172.18.131.54PING 172.18.131.54 (172.18.131.54): 56 data bytes 64 bytes from 172.18.131.54: seq=0 ttl=64 time=11.9 ms --- 172.18.131.54 ping statistics --1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 11.9/11.9/11.9 ms
136
User guide (CLI)
10.6 Managing the MAC address table

The MAC address table contains address information that the VDSL2 blade uses to forward traffic between ports. All MAC addresses in the address table are associated with one or more ports. 10.6.1 Configuring aging time This operation configures the forwarding database address aging timeout in seconds. The <seconds> parameter must be within the range of 10 to 1,000,000 seconds. To configure aging time: Step 1 2 Mode (EV) # (EV)(Config) # Command configure bridge aging-time <101,000,000>} Purpose Enter configuration mode. Configure aging time.
Example: (EV)# configure (EV)(Config)# bridge aging-time 1000 10.6.1.1 Displaying the timeout for address aging This operation displays the timeout for address aging. To display timeout for address aging : Step 1 Mode (EV)# Command show bridge aging-time Purpose Display timeout for address aging.
Example: (EV)# show bridge aging time 10.6.1.2 Displaying the MAC table This operation displays all MAC address, or a part set on a mask The mask should be hexadecimal numbers (representing an equivalent bit mask) in the form xx-xx-xx-xx-xx-xx that is applied to the specified MAC address. Enter hexadecimal numbers, where an equivalent binary bit 0 means to match a bit and 1 means to ignore a bit. For example, a mask of 00 -00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means any.
User guide (CLI)
137
To display MAC table: Step 1 Mode (EV)# Command show mac-table {mask} Purpose Display MAC table.
Example: (EV)# show mac-table
Vlan ---53 53 3999 3920
Mac Address ----------------00:26:82:4D:53:90 00:26:82:4D:53:98 02:10:18:01:00:01 00:11:22:01:02:0C
Interface --------0/28 0/20 0/1 0/2
11 VDSL2 interface configuration

This chapter describes how to set or obtain the VDSL2 interface configuration. The chapter consists of the following sections: Understanding Managing the VDSL2 interface Managing DSL profiles Managing PSD masks
11.1 Understanding
VDSL2 is an advanced technology with many features arising from the other DSL technologies introduced in the past, as well as its proper particularities. Before configuring the VDSL2 interface, it's necessary to understand and take in consideration terms used in the commands, and their listings. The following terms will be briefly explained: Transmit power and power spectral density Crosstalk Signal-to-noise ratio Margin Seamless rate adaptation Bit swapping Impulse noise protection Retransmission of packets Upstream power back-off PSD masks VDSL2 frequency profiles VDSL2 Interoperability and ADSL2+ Backward Compatibility
138
User guide (CLI)
11.1.1 Transmit power and power spectral density A power spectral density (PSD) is a measurement unit, which describes how the transmitted (or output) electrical power is distributed on the frequency scale. VDSL2 signals and noises are both described by PSDs, which are expressed in decibel milliwatts per Hertz (dBm/Hz). For example, if a total of 10 mW is applied to a line, and the transmitter applies that power across a 1 MHz bandwidth, then the transmit PSD is a constant -50 dBm/Hz (10-2 W/106 Hz = 10-8 W/Hz = 10-5 mW/Hz and 10*log10 10-5 = -50dBm/Hz). VDSL2 PSD transmission level is approximately -60 dBm/Hz, whereas ADSL2+ transmission level is approximately -40 dBm/Hz. 11.1.2 Crosstalk Individual wires that compose twisted-pair VDSL2 lines are insulated. Twisting of these lines into cables limits electromagnetic interference to nearby lines. Because the shielding between lines is not perfect, signals from one line may couple into other lines. As a result, a receiver on the local side, can detect signals transmitted from other lines in the cable. Thus, the noise power increases and degrades the received signal quality on the considered line. The coupling of unwanted signals from one or more VDSL2 lines into another line is called crosstalk. In the VDSL2, two forms of crosstalk are known: near-end crosstalk (NEXT) and far-end crosstalk (FEXT). NEXT results in the signal transmitted from a wire pair coupling into another wire pair and interfering with the reception of signals at a receiver located at the same end of the line as disturbing transmitter. FEXT results from transmitted signals being coupled to another wire pair interfering with the reception at the far end of the line. VDSL2 systems are frequency-division duplexed (FDD), which means they transmit downstream and upstream in separate frequency bands. For this reason, VDSL2 systems do not significantly suffer from NEXT. FEXT is expected to be a dominant impairment on shorter VDSL lines. It decreases with increasing the line length. 11.1.3 Signal-to-noise ratio (SNR) The signal-to-noise ratio (SNR) is the ratio of power of the information-bearing signal at the receiver to the power of the received noise. SNR is expressed in decibels (dB), and represents the quality of the transmission subchannel. 11.1.4 Margin The receivers SNR varies with time, as a consequence of twisted-pair impairments. SNR noise margin is the amount by which the SNR can degrade without increasing the receiver detection error probability. VDSL2 systems are designed for 6 dB margin, which is the target margin between its minimal and maximal value. For example, modulation QAM 256 on the subchannel, with required probability of error 10-7, 6 dB SNR margin and SNR 30.1 dB will have overall SNR 36.1 dB. 11.1.5 Seamless rate adaptation (SRA) A seamless rate adaptation (SRA) is a technique to be used when the noise profile on the line changes. SRA reduces the bit rate in order to ensure that there is adequate noise margin on the line. When the noise on the line increases, SRA is used to reduce bit rate on the line, without droping the line.
User guide (CLI)
139
11.1.6 Bit swapping Bit swapping algorithms are designed for optimal usage of VDSL2 lines by providing the maximum noise margin at the desired bit rate and error probability. Dynamic bit allocation depends on SNR, on DMT subchannels. Depending on the SNR of degraded subchannel, some or all of its bits may be removed to one or more subchannels that can support additional data bits. That is, subchannels with noise margin greater than zero. 11.1.7 Impulse noise protection (INP) An impulse noise is a random intermittent interference on a VDSL2 line. It has significant impact on IPTV performance and consequently on user's quality of experience (QoE). In order to avoid the impulse-noise effect on the VDSL2 system, a combination of the following mechanisms is recommended: INP, RS coding, interleaving and seamless rate adaptation. The impulse noise also represents a nonstationary crosstalk from temporary electromagnetic events in the vicinity of VDSL2 lines. The sources of this type of noise are various: ringing of phones on the lines sharing the same binder, switching on/off motors of different electrical devices in the building, etc. The selection of mathematical model of impulse noise is not an easy task, because the causes of impulse noises are so diverse. Each of above mentioned impulse noise effects is temporary and results in induced voltages, in the VDSL2 line, from few millivolts to hundred mV. Impulse noise duration may last tens to hundreds of microseconds. However, it can span time intervals as long as three msec. Each VDSL2 modem with belonging VDSL2 user interface, inside the network element and the remote side, has two latency paths for data: a fast and an interleaved path. A bearer channel, may be assigned to either one of the two paths, as shown in the figure below.
slow bits
CRC RS Encoder Interleaver
fast bits
CRC RS Encoder
Trellis Encoder
VDSL2 Line
Figure 11-1: Error correction coding for VDSL2 The interleaved path consists of CRC unit, Reed-Solomon encoder and interleaver. Fast path, unlike interleaved path, does not support interleaving. Forward error correction (FEC) implemented by RS encoder is always enabled on the fast path. The greater resistance to errors in the interleaved path is intended for applications that are not affected by high latency. For instance, transmission of video traffic in MPEG compression standard.
140
User guide (CLI)
The fast path provides less protection against transmission errors but less delay at the same time. It is intended for transport of delay sensitive applications such as voice, or interactive control data messages between set-top box and video server. INP (Impulse Noise Protection) is a standardized DSL mechanism (ITU-T G.992.5) that reduces the effect of impulse noise in the interleaved path. Data interleaving and Reed-Solomon (RS) coding protect the signal against the errors, which commonly occur in bursts. Greater value of INP and smaller value of symbol delay cause decrease of bit rate on the VDSL2 line. This leads to a conclusion, how it's is possible to increase the bit rate on the VDSL2 line. Beside this, it's necessary to take in consideration the increase of SNR value margin in order to achieve higher bit rate. There is a tradeoff between greater value of INP on one side, and greater symbol delay as well as lower bit rate on the other side. The value of INP should be set between 0.5 and 16 in order to perform the error correction for intervals between 250 microseconds and 3.5 msec. INP is manageable for each VDSL2 line separately in US or DS direction respectively. RS encoder partitions the data into blocks of k data symbols (each symbol having eight bits) and 2r redundancy symbols. The latter are appended to the k data symbols without altering their content. The entire codeword of k+2r symbols is transmited over a VDSL2 line. Therefore, VDSL2 RS encoder establishes codewords of 255 (k+2r) bytes and allows up to 16 (2r) errored bytes (symbols) anywhere in the considered codeword to be repaired. Therefore the maximum number of repaired bits is 128. In the worst case, 16 bit errors may occur, each in the separate symbol so that the RS decoder corrects 16 bit errors. If the number of errors within the code word doesn't exceed the error correcting code's capability, then the original codeword may be recovered. Uncorrectable errors can result in either the RS decoder error where the errors happen to be within symbols of another valid codeword, or the RS decoder failure where the received codeword is not within symbols of valid codeword. The CRC unit, which precedes the RS encoder is aimed to detect errors not corrected by the RS code. The interleaver unit, which succeeds the RS encoder, reorders the passing symbols over many different codewords, therefore the adjacent symbols (bytes) in the transmitted data stream are not from the same codeword. As a result, more uniform distribution of errors is achieved. The deinterleaver reorders the bytes by delaying each byte by a varying amount that causes the total delay for any byte, through both transmitter and receiver, to be constant. Therefore VDSL2 systems have constant delay of RS symbols. Interleaving may be used with or without INP. Interleaving adds from 1 to 32 milliseconds of latency. The longer the delay, the better is the impulse-noise protection. However, VDSL2 profile, which permits greater impulse noise protection will decrease the bit rate and thus reduce the net performance of the VDSL2 system. The slow channel is mandatory, the fast channel is optional. If both channels are implemented the VDSL2 provides dual latency. If both slow and fast are intended to be used simultaneously, the fast channel can be provided by disabling the interleaving function of the slow channel (delay=0). Trellis coding, unlike RS coding, increases the resilency (robustness) of the transmitted signal to noise across the VDSL2 line. This type of encoder can be concatenated with RS encoder. The concatenation of encoders results in better coding gain, therefore the SNR at the receiver side increases. Each encoder contributes its coding gain. Trellis encoder is not subject of configuration.
User guide (CLI)
141
11.1.8 Retransmission of packets In order to avoid delay and code overhead, it' is suggested to use the so-called Physical layer Retransmission technique (PhyR) instead of interleaving. Delay and overhead occur as a consequence of INP as well as interleaving on the lines that are (heavily) exposed to the impulse noise. The retransmission technique is especially recommended in cases of low-quality twisted pairs that are subject to frequent transmission-parameter changes, caused by the impulse noise. When the VDSL2 receiver detects the corrupted packet, that is RS codeword, it sends a retransmission requirement and receives a copy of above mentioned packet. Exceptionally, if the corrupted packet doesn't reach the receiver on time, then the corrupted packet will be processed. VDSL2 systems have constant delay of RS symbols. It's value is set to 5 msec, whereas INP is set to 17. In other words, the retransmission protection lasts up to 4.25 msec. In order to implement the retransmission technique, it must be supported on the central office side as well as on the customer premises side. The retransmission technique allows bit rates that can be three times greater than impulse noise protection implemented by RS encoder and interleaver. At the same time, 5 msec delay represents multiple reduction of delay offered by RS encoder and interleaver. If DS/US fast retransmission mode is enabled, then interleaving is off and vice versa. Retransmission of packets is enabled also for ADSL2+ mode of operation. 11.1.9 Upstream power back-off (UPBO) When VDSL2 modems at customer premises are allowed to transmit at the maximum PSD, a spectral compatibility problem between VDSL2 lines results. To resolve this situation, upstream transmitters on shorter lines must reduce their transmit PSDs such that they do not unfairly compromise the upstream bit rates that can be accommodated on longer loops. The process of reducing the upstream transmit PSD to improve spectral compatibility between VDSL2 lines at different lengths is known as upstream power back-off (UPBO). The power back-off may be used in downstream direction as well. 11.1.10 PSD masks A transmit PSD mask determines the maximum allowable PSD, which is a function of frequency. Properties of PSD masks are defned in the telecommunication standard ITU-T G.993.2. This standard defines various frequency plans in different countries. Beside this, you can define your own customer PSD masks, which reflect particular conditions on the VDSL2 line. For example, new demands for RF egress suppression. The above mentioned standard defines various frequency bands, in the frequency spectrum, for upstream as well as for downstream traffic. The most important are two band plans: Plan A (997), Annex A, B and Plan B (998), Annex B, as shown in the figure below. The Plan B has been optimized for asymmetric services, while the Plan A is much more suitable for symmetric services. By limiting the maximum usable frequency is possible to use only some bands in these band plans. For a given binder of cables just a single band plan can be used. The VDSL2 system cannot transmit more power at any frequency than the PSD mask to which it conforms. To ensure the best spectral compatibility, the PSD mask should take in consideration all specifics of modeled crossstalk. The PSD templates are created for these purposes.
142
User guide (CLI)
The network element supports 32 different PSD masks. Half of them are for downstream traffic and half of them for upstream traffic. 6 of them are preconfigured, other can be user defined. PSD mask is applied to VDSL2 user port.
Figure 11-2: ITU-T G.993.2 frequency plans 11.1.11 VDSL2 frequency profiles VDSL2 standard defines different upstream and downstream frequency bands as well as different profiles for several applications. Each VDSL2 profile has prescribed bandwidth (MHz), number of DMT subchannels (carriers), tone spacing between (kHz) them and the maximal transmit line power (dBm), etc. The table below shows standardized VDSL2 profiles with their features: Table 11-1: VDSL2 Profiles Profile Bandwidth (MHz) Tones Tone Spacing (kHz) Line Power (dBm) Max DS/US Bit Rate (Mbps) Typical Deployment 8a 8.832 2048 4.3125 8b 8.832 2048 4.3125 8c 8.5 1972 4.3125 8d 8.832 2048 4.3125 12a 12. 2783 4.3125 12b 12. 2783 4.3125 17a 17.664 4096 4.3125
+17.5 60/14
+20.5 60/14
+11.5 60/14
+14.5 60/14
+14.5 68/16
+14.5 68/16
+14.5 100/60
CO
CO
FTTC
CO/FTTC
CO/FFTC
CO/FTTC
FTTC/FTTB
VDSL2 profiles, having bandwidth 8 MHz (8a, 8b, 8c, 8d) and 12 MHz (12a, 12b), are used above all in the central offices. For achieving so-called long reach (LR) operation they have to support U0 frequency band (Upstream Band 0) from 25 kHz to 138 kHz (POTS) or 125 kHz to 276 kHz (ISDN). In this case, the maximal line power should be up to +20.5 dBm.
User guide (CLI)
143
The configuration profile 17a is also used in the cabinets, which are not located far away from the subscribers. Therefore, U0 frequency band is not necessary, and the line power is not exceeding +14.5 dBm. From the explanation above is evident that the bigger line power (+ 20 dBm) excludes usage of large frequency plans. 11.1.12 VDSL2 Interoperability and ADSL2+ Backward Compatibility VDSL2 and ADSL2+ frame structure offers interoperability. The VDSL2 port also operates in the ADSL2+ mode. This is called ADSL2+ backward compatibility, or ADSL2+ fallback. It may be used in two cases: when the subscriber loop is too long and conditions are not suitable for VDSL2, or when there are two groups of subscribers with ADSL2+ and VDSL customer premises equipment. Thus, VDSL2 and ADSL2+ subscribers can be served by a single blade. Central office and Cabinet installations can coexist.
11.2 Managing DSL profiles

11.2.1 DSL profile parameters, descriptions and values Table 11-2 lists parameters of predefined DSL profiles with values or ranges and descriptions. Table 11-2: DSL profile parameters, descriptions and values PARAMETER BandPlan VALUES/RANGE Auto_Mode VDSL2 ADSL2+_Annex_B ADSL2+_Annex_A ADSL2+_Annex_M ADSL2_Annex_B ADSL2_Annex_A ADSL2_Annex_M ADSL2_Annex_L_Wide ADSL2_Annex_L_Narrow ADSL1_Annex_B ADSL1_Annex_A DEFAULT: Auto_Mode STEPSIZE DESCRIPTION / COMMENT With BandPlan user defines all protocols that BCM HW can operate on. There can be more than one supported protocol selected (in case of Auto_Mode all of them). In this case HW itself chooses the most appropriate one. If Auto_Mode mode is disabled than only VDSL2 protocol is supported. User can then add/remove protocols.
144
User guide (CLI)
PARAMETER VDSL2profile
VALUES/RANGE Auto_Mode 8a 8b 8c 8d 12a 12b 17a
STEPSIZE DESCRIPTION / COMMENT This parameter is relevant only when HW operates on VDSL2 protocol. With VDSL2profile user defines all VDSL2 profiles that BCM HW can operate on. There can be more than one profile selected (in case of Auto_Mode all of them). In this case HW itself chooses the most appropriate one. If Auto_Mode mode is disabled than only 17a profile is supported. User can then add/remove profiles. 0.1dB DS target SNR margin Remark: DsUpShiftNoiseMargin is DSL port specific parameter. In case that parameter DSTargetSnrMgn is greater than DsUpShiftNoiseMargin, then the parameter DsUpShiftNoiseMargin is automatically increased to appropriate value. 1kbps 1kbps 1ms 1symbol DS max. allowed data rate DS min. allowed data rate DS max. interleaved delay DS interleaved impulse noise protection DS rate adaptation mode. Manual: SRA is disabled. At_Line_Init: data rate is determined at line initialization procedure (training). Dynamic: data rate can change during the showtime line state without retrain. Detail settings for this mode are available through the port specific parameters. 1kbps DS min. data rate in L2 state.
DEFAULT: Auto_Mode DSTargetSnrMgn 0-DsUpShiftNoiseMargin dB
DEFAULT: 6dB
DSMaxDataRate DSMinDataRate DSMaxInterDelay DSIntINP DSRateAdaptMode
64-125000kbps DEFAULT: 100000kbps 0-125000kbps DEFAULT: 64kbps 1-32ms DEFAULT: 5ms 0,0.5,1,2,3,...,16symbols DEFAULT: 0.5symbol Manual At_Line_Init Dynamic DEFAULT: At_Line_Init
DSMinL2Rate
0-125000kbps DEFAULT: 5000kbps
User guide (CLI)
145
PARAMETER USTargetSnrMgn
VALUES/RANGE 0-UsUpShiftNoiseMargin dB DEFAULT: 6dB
STEPSIZE DESCRIPTION / COMMENT 0.1dB US target SNR margin Remark: UsUpShiftNoiseMargin is DSL port specific parameter. In case that parameter DSTargetSnrMgn is greater than DsUpShiftNoiseMargin than the parameter DsUpShiftNoiseMargin is automatically increased to appropriate value. 1kbps 1kbps 1ms 1symbol US max. allowed data rate US min. allowed data rate US max. interleaved delay US interleaved impulse noise protection US rate adaptation mode. Manual: SRA is disabled. At_Line_Init: data rate is determined at line initialization procedure (training). Dynamic: data rate can change during the showtime line state without retrain. Detail settings for this mode are available through the port specific parameters. Power Management (If transition into L2 (Low Power) mode is enable.)
USMaxDataRate USMinDataRate USMaxInterDelay USIntINP USRateAdaptMode
64-125000kbps DEFAULT: 100000kbps 0-125000kbps DEFAULT: 64kbps 1-32ms DEFAULT: 5ms 0,0.5,1,2,3,...,16symbols DEFAULT: 0.5symbol Manual At_Line_Init Dynamic DEFAULT: At_Line_Init
PowerManagement
Disabled Enabled DEFAULT: Disabled
11.2.2 Port specific parameters, descriptions and values The table lists port specific parameters of predefined DSL profiles with values or ranges and descriptions. Table 11-3: Port specific parameters, descriptions and values Parameter DsMaxDelay UsMaxDelay DsInp UsInp Values/range 1-32ms 1-32ms 0,0.5,1,2,3,..., 16symbols 0,0.5,1,2,3,..., 16symbols Stepsize Default value 1ms Defined by DSL profile 1ms assigned 1 symbol on DSL port. 1 symbol Description Max. DS interleave delay. Max. US interleave delay. DS impulse noise protection. US impulse noise protection.
146
User guide (CLI)
Parameter DsMaxSnrMargin
Values/range 0-31dB
Stepsize Default value 0.1dB 31.0dB
Description DS max. SNR margin. It must not be less than DSTargetSnrMgn parameter set in DSL profile. US max. SNR margin It must not be less than USTargetSnrMgn parameter set in DSL profile. DS min. SNR margin. US min. SNR margin. DS Up-Shift Noise Margin (for dynamic rate adaptive mode). Remark: DSTargetSnrMgn is a DSL profile parameter. US Up-Shift Noise Margin (for dynamic rate adaptive mode). Remark: USTargetSnrMgn is a DSL profile parameter. DS Up-Shift Time Interval (for rate dynamic adaptive mode). US Up-Shift Time Interval (for rate dynamic adaptive mode). DS Down-Shift Noise Margin (for dynamic rate adaptive mode). US Down-Shift Noise Margin (for dynamic rate adaptive mode). DS Down-Shift Time Interval (for rate dynamic adaptive mode). DS Down-Shift Time Interval (for rate dynamic adaptive mode). Min. time between an exit from the L2 state and the next entry into the L2 state. Min. time between an entry into the L2 state and the first power trim in the L2 state and between two consecutive power trims in the L2 state. Max. aggregate transmit
UsMaxSnrMargin
0-31dB
0.1dB
31.0dB
DsMinSnrMargin UsMinSnrMargin DsUpShiftNoiseMargin
0-31dB 0-31dB DSTargetSnrM gn - 31dB
0.1dB 0.1dB 0.1dB
0dB 0dB 8.5dB
UsUpShiftNoiseMargin
USTargetSnrM gn - 31dB
0.1dB
8.5dB
DsUpShiftTimeInterval
0-16383s
1s
60s
UsUpShiftTimeInterval
0-16383s
1s
60s
DsDownShiftNoiseMargin
0-31dB
0.1dB
3.5dB
UsDownShiftNoiseMargin
0-31dB
0.1dB
3.5dB
DsDownShiftTimeInterval
0-16383s
1s
20s
UsDownShiftTimeInterval
0-16383s
1s
20s
MinTimeReEnteringL2Mode
0-255s
1s
120s
MinTimePowerTrimInL2
0-255s
1s
30s
MaxPowerReductionL0ToL2
0-
1dB
3dB
User guide (CLI)
147
Parameter
Values/range MaxPowerRedu ctionL2 dB
Stepsize Default value
Description power reduction that can be performed at transition of L0 to L2 state or through a single power trim in the L2 state. Total maximum aggregate transmit power reduction that can be performed in L2 state. Max. nominal aggregate transmit power in the DS direction during initialization and showtime. Max. nominal aggregate transmit power in the DS direction during initialization and showtime. Assumed electrical length of cables (E-side cables) connecting exchange based DSL services to a remote flexibility point (cabinet). The electrical length is defined as the loss (in dB) of an equivalent length of hypothetical cable at a reference frequency. Defines the US PBO force mode. This configuration parameter defines the electrical length expressed in dB at 1MHz, configured by the COMIB. DS fast retransmission mode. If it is on, then interleaving is off and vice versa. US fast retransmission mode. If it is on, then interleaving is off and vice versa.
MaxPowerReductionL2
MaxPowerRedu ctionL0ToL2 15 dB 0-20dBm
1dB
6dB
DsMaxTxPower
0.1dB
20dBm
UsMaxTxPower
0-20dBm
0.1dB
14.5dBm
UsPowerBackOffLevel
0-255.5dB
0.5dB
0dB
UsPboControl
UsPowerBackOffLevel
Auto Override Disable 0-128dB
Disable
0.1dB
0dB
DsFastRtmMode
Auto Enable Disable Auto Enable Disable
Auto
UsFastRtmMode
Auto
148
User guide (CLI)
11.2.3 Displaying a list of default profiles To display a list of default profiles: Step 1 Mode (EV)# Command show dsl profile all Purpose Display a list of all profiles that are provided.
Example: (EV)# show dsl profile all Profile Type Currently in Use -------------------------------------------------------------Default_10/10 Default No Default_100/100 Default Yes Default_100/70 Default No Default_100/70_Video Default Yes Default_20/10_8a Default No Default_20/10_8b Default No Default_25/1_8b Default No Default_40/20 Default No Default_40/20_Fast Default No Default_ADSL2+_23/3 Default No bar Local Yes foo Local Yes tar Local Yes 11.2.4 Displaying detailed settings of a single profile To display detailed information of a specific default profile: for example, Default_100/70_Video: Step 1 Mode (EV) # Command show dsl profile <name> Purpose Display detailed information of the selected profile
Example: (EV)# show dsl profile Default_100/70_Video Profile Name: Profile Type: Ports Where Used: Default_100/70_Video Default 0/1 0/5 0/15
Detailed Description: -------------------------------------------------------------Protocols: Auto Mode VDSL2 Profiles: Auto Mode DS Max. Data Rate: 100000 kbps DS Min. Data Rate: 64 kbps US Max. Data Rate: 70000 kbps US Min. Data Rate: 64 kbps DS Target SNR Margin: 6.0 dB
User guide (CLI)
149
6.0 dB 16 ms 2 ms 4.0 symbol(s) 1.0 symbol(s) 5000 kbps At Line Initialization At Line Initialization Disabled
US Target SNR Margin: DS Max. Inter. Delay: US Max. Inter. Delay: DS INP: US INP: DS L2 Min. Data Rate: DS Rate-Adaptive Mode: US Rate-Adaptive Mode: Power MNG state enable:
11.2.5 Displaying interfaces with assigned DSL profiles To display all interfaces with DSL profiles assigned: Step 1 Mode (EV) # Command show dsl port profile all Purpose Display all interfaces with DSL profile name and type assigned to each
Example: (EV)# show dsl port profile all Port Profile Type --------------------------------------------------------------0/1 Default_100/70_Video Default 0/2 tar Local 0/3 bar Local 0/4 Default_100/100 Default 0/5 Default_100/70_Video Default 0/6 Default_100/100 Default 0/7 Default_100/100 Default 0/8 Default_100/100 Default 0/9 Default_100/100 Default 0/10 Default_100/100 Default 0/11 Default_100/100 Default 0/12 Default_100/100 Default 0/13 Default_100/100 Default 0/14 Default_100/100 Default 0/15 Default_100/70_Video Default 0/16 Default_100/100 Default 0/17 Default_100/100 Default 0/18 Default_100/100 Default 0/19 Default_100/100 Default 0/20 Default_100/100 Default 0/21 Default_100/100 Default 0/22 Default_100/100 Default 0/23 Default_100/100 Default 0/24 Default_100/100 Default 0/25 Default_100/100 Default 0/26 Default_100/100 Default 0/27 Default_100/100 Default 0/28 Default_100/100 Default 0/29 Default_100/100 Default 0/30 Default_100/100 Default
150
Default_100/100 Default_100/100 Default Default
User guide (CLI)
0/31 0/32
11.2.6 Displaying details of a DSL profile assigned to interface To display a DSL profile and its details assigned to a specific interface: Step 1 Mode (EV) # Command show dsl port profile <interface> Purpose Display the DSL profile details assigned to selected interface
Example: (EV)# show dsl port profile 0/1 Port: 0/1 Profile Assigned: Default_100/70_Video Profile Type Assigned: Default Detailed Description: -----------------------------------------------------------Protocols: Auto mode VDSL2 Profile: Auto mode DS Max. Data Rate: 100000 kbps DS Min. Data Rate: 64 kbps US Max. Data Rate: 70000 kbps US Min. Data Rate: 64 kbps DS Target SNR Margin: 6.0 dB US Target SNR Margin: 6.0 dB DS Max. Inter. Delay: 16 ms US Max. Inter. Delay: 2 ms DS INP: 4.0 symbol(s) US INP: 1.0 symbol(s) DS L2 Min. Data Rate: 5000 kbps DS Rate-Adaptive Mode: At Line Initialization US Rate-Adaptive Mode: At Line Initialization Power MNG state enable: Disabled 11.2.7 Creating a new profile This operation enables you to create a new profile, which adopts parameter values either of the default DSL profile or of any existing profiles that you specify. Additionally, modify the parameter values according to your needs (See the section Modifying the DSL profile values). To create a new profile: Step 1 2 Mode (EV) # (EV)(Config) # Command configure dsl profile <new name> [from <profile_name>] Purpose Enter configuration mode. Create a <new_name> profile with parameter values adopted from the default profile. Use the option from <profile_name>, to create a profile with values adopted from the specified profile.
User guide (CLI)
151
11.2.8 Modifying the DSL profile values You can modify only certain parameter values like: DS Max. Inter. Delay (), US Max. Inter. Delay (), DS INP (), US INP ().
Note: When you modify DSL profile and port specific values, the DSL line and ports to which this DSL profile is attached, will go to retrain.
Note: For a list of DSL profile parameters and value ranges see the table DSL profile parameters, descriptions and values. To modify the DSL profile: Step 1 2 Mode (EV) # (EV)(Config) # Command configure dsl profile <name> <parameter> <value> Purpose Enter configuration mode. Modify the <value> of <parameter> of the <name> profile.
11.2.9 Modifying port specific parameters and values When you modify the port specific parameter values, these changed settings will remain valid until the DSL profile assigned to this profile is changed.
Note: When you modify DSL profile and port specific values, the DSL line and ports to which this DSL profile is attached, will go to retrain.
Note: For a list of DSL profile parameters and value ranges see the tables DSL profile parameters, descriptions and values and Port specific parameters, descriptions and values. To modify port specific parameters and values: Step 1 2 3 Mode (EV) # (EV)(Config) # (EV)(Interface 0/x)# Command configure interface <interface> dsl port specific <parameter> <value> Purpose Enter configuration mode. Enter interface mode Modify the port specific profile values of parameters
11.3 Managing the VDSL2 interface

11.3.1 Activating the interface By activating an interface, you trigger the DSL line to train. To activate the administrative state of all interfaces: Note: To activate a single interface, enter the interface mode and run the command dsl port active.
152
User guide (CLI)
Step 1 2
Mode (EV)# (EV)(Config) #
Command configure dsl port active all
Purpose Enter configuration mode. Enable (activate) administrative state on all interfaces
Example: (EV)# configure (EV)(Config)# dsl port active all (EV)(Config)# exit (EV)# show dsl port state all
Port: 0/1 ---------------------------------------------------------------Admin State: Enabled. Operational State: Active - Showtime L0 Time from Last Change: 14974s = 0d 4h 9m 34s Port: 0/2 ---------------------------------------------------------------Admin State: Enabled. Operational State: Active - Showtime L0 Time from Last Change: 442168s = 5d 2h 49m 28s Port: 0/3 ---------------------------------------------------------------Admin State: Enabled. Operational State: Quiet Time from Last Change: 442188s = 5d 2h 49m 48s Port: 0/4 ---------------------------------------------------------------Admin State: Enabled. Operational State: Active - Showtime L0 Time from Last Change: 442173s = 5d 2h 49m 33s 11.3.2 Resetting the interface By resetting an interface, you trigger the re-training of the DSL line. To reset the interface: Step 1 2 Mode (EV)(Config) # (EV)(Interafce 0/x) # Command interface <interface> dsl port reset Purpose Enter interface mode Reset the selected interface.
Example: (EV)# configure (EV)(Config)# interface 0/2 (EV)(Interface 0/2)# dsl port reset (EV)(Interface 0/2)# exit
User guide (CLI)
153
11.3.3 Adding a RF notch with suppressed bandwidth This operation adds a RF notch with suppressed bandwidth between the start and end frequency. RF notch is a filter that filters out an outside RF signal that jams at bandwidth between the start and end frequency. RF notch also defines bandwidth with no data transmission The frequency is rounded down to the nearest multiple of 4.3125kHz. A maximum of 16 notches can be defined per DSL port. To add a RF notch: Step 1 2 Mode (EV)(Config) # (EV)(Interface 0/x) # Command interface <interface> dsl port notch <start_freq> <end freq> Purpose Enter interface mode. Add a notch with the specified start and end frequency to selected interface.
Example: (EV)# configure (EV)(Config)# interface 0/1 (EV)(Interface 0/1)# dsl port notch 0 8.625 (EV)(Interface 0/1)# exit (EV)(Config)# exit (EV)# show dsl port notches 0/1 Notches defined on DSL port 1: Start frequency [kHz] End frequency [kHz] ------------------------------------------------0 8.625 17.25 38.8125 146.625 336.375 1461.94 1574.06 11.3.4 Configuring seamless rate adaptation (SRA) Note: In order to configure or modify the SRA, the DS and US adaptation mode must be set to Dynamic. Check and modify the DSRateAdpatMode and USRateAdaptMode of the attached DSL profile appropriately. To modify port specific parameters and values: Note: For a list of parameters and value ranges see the tables DSL profile parameters, description and Port specific parameters, descriptions and values.
154
User guide (CLI)
Step 1 2 3
Mode (EV) # (EV)(Config) # (EV)(Interface 0/x)#
Command configure interface <interface> dsl port specific <parameter> <value>
Purpose Enter configuration mode. Enter interface mode Modify the port specific profile values of parameters: DsMaxSnrMargin UsMaxSnrMargin DsMinSnrMargin UsMinSnrMargin DsUpShiftNoiseMargin UsUpShiftNoiseMargin DsUpShiftTimeInterval UsUpShiftTimeInterval DsDownShiftNoiseMargin UsDownShiftNoiseMargin DsDownShiftTimeInterval UsDownShiftTimeInterval
11.3.5 Configuring impulse noise reduction (INP) To modify port specific parameters and values: Note: For a list of parameters and value ranges see the tables DSL profile parameters, descriptions and values and Port specific parameters, descriptions and values.
Step 1 2 3
Purpose Enter configuration mode. Enter interface mode Modify the port specific profile values of parameters: DsInp UsInp
11.3.6 Configuring retransmission To modify port specific parameters and values: Note: For a list of parameters and value ranges see the tables DSL profile parameters, descriptions and values and Port specific parameters, descriptions and values.
Step 1 2 3
Purpose Enter configuration mode. Enter interface mode Modify the port specific profile values of parameters: DsFastRtmMode UsFastRtmMode
User guide (CLI)
155
11.3.7 Configuring upstream power-back-off (UPBO) To modify port specific parameters and values: Note: For a list of parameters and value ranges see the tables DSL profile parameters, descriptions and values and Port specific parameters, descriptions and values.
Step 1 2 3
Purpose Enter configuration mode. Enter interface mode Modify the port specific profile values of parameters: UsPowerBackOffLevel UsPboControl UsPowerBackOffLevel
11.3.8 Displaying the interface state This operation displays the following states of one selected or of all interfaces: administrative state (Enabled or Disabled) operational state (Idle, Active, Init, Quiet, Loop Diagnostic or Test Mode) time of last change (time from last administrative or operational state change) To display the interface state: Step 1 Mode (EV)# Command show dsl port state <interface> Purpose Display the state of the selected interface
Example: (EV)# show dsl port state 0/2 Admin State: Enabled. Operational State: Quiet Time from Last Change: 66462s = 0d 18h 27m 42s
Note: To display the state of all interfaces, run the show dsl port state all command.
11.3.9 Displaying the current values of DSL line, To display the current values of DSL line: Step 1 Mode (EV)# Command show dsl port current values <interface> Purpose Display the current values of the DSL line of the selected interface.
156
User guide (CLI)
Example: (EV)# show dsl port current values 0/2
Operational state: Profile: Protocol: VDSL2 Profile:
Active - Showtime L0 Default_100/100 VDSL2 17A
Downstream Upstream ---------------------------------------------------------------------Data rate: 99997 kbps 60013 kbps Output power: 14.1 dBm 10.1 dBm PSD: 0.0 dBm/Hz 0.0 dBm/Hz Attainable data rate: 108100 kbps 65314 kbps SNR margin: 6.8 dB 4.6 dB Delay: 5 ms 2 ms PBO level: 1.2 dB Coding type: Trellis-Reed-Solomon Trellis-ReedSolomon Impulse noise protection: 1.0 symbol(s) 0.5 symbol(s) Line Attenuation (Per Band): 7.8dB/10.5dB/17.7dB 102.3dB/2.3dB/1.0dB/0.3dB Signal Attenuation(Per Band): 7.8dB/10.5dB/17.7dB 102.3dB/2.2dB/0.6dB/0.0dB 11.3.10 Displaying the port performance counters This operation displays port performance counters on the DSL port. There are two types of the port performance counters, namely counters that count different anomalies within 15 minute intervals and counters that count anomalies within 24 hour intervals, Anomalies such as error seconds represent the time within the (15min/24h) interval when the anomaly was present. The errored seconds parameter is account of one second intervals containing one or more CRC anomalies or one or more LOS defects. For detail description see ITU-T G.997.1 standard. Beside port performance counters in current 15 minutes or 24 hours interval, also a history of port performance counters for previous 96 15-minute intervals as well as history for previous 30 24-hour interval are kept. To obtain port performance counters, use one variation of the show dsl port performance [daily] <interval> <interface> command. Option [daily] displays 24h counters. If option [daily] is omitted, 15-minute interval counters will be displayed. Parameter <interval> can be either current (displaying current state of counters - before interval is completed or a number in range from 0 to 96 (for 15-minute interval), or from 0 to 30 (for the 24hour interval). Interval zero is the same as current. A higher interval number means older interval. The range of counters for 15-minute intervals is from 0 to 900 and for 24-hour interval is from 0 to 86400. Step 1 Mode (EV)# Command show dsl port performance [daily]<interval><interface> Purpose Display the current values of the DSL line of the selected interface.
User guide (CLI)
157
Example: (EV)# show dsl port performance current 0/2 15 min counters on interval 0 Totally elapsed seconds in this interval: 306 Counter Local Remote ---------------------------------------------------------------------Loss of Signal Seconds: 306 306 Errored Seconds: 306 306 Severely Errored Seconds: 306 306 Unavailable Seconds: 306 306 Forward Error Correction Seconds: 0 0 Line Initialization Attempts : 0 0 Failed Line Initialization Attempts: 0 0 11.3.11 Displaying the CPE vendor information The CPE vendor information is displayed in HEX and ASCII format. To display the CPE vendor information: Step 1 Mode (EV)# Command show dsl port vendor 0/1 Purpose Display the CPE vendor information on the selected interface.
Example: (EV)# show dsl port vendor 0/1 Vendor ID HEX: Vendor ID ASCII: Serial Number HEX: Serial Number ASCII: 0xff b5 53 47 4e 50 01 42 <string of length 8 char> <string of length 32 char> <string of length 32 char>
Version Number HEX: 4132707636624330313463 Version Number ASCII: A2pv6bC014c 11.3.12 Displaying the System state This operation displays the state of the VDSL system. The state can either be Operational or System not Ready. Step 1 Mode (EV) # Command show dsl system state Purpose Display the system state.
Example: (EV)# show dsl system state Operational.
158
User guide (CLI)
11.3.13 Displaying the firmware version This operation displays DSL firmware version. Step 1 Mode (EV) # Command show dsl firmware Purpose Display the system firmware version
Example: (EV)# show dsl firmware Firmware v10.3.8, HMI v10.0
11.4 Managing PSD masks

When VDSL2 is connected in a subloop (FTTB), and ADSL2+ is connected at a central office (CO), the control of the VDSL2 transmit power has to be provided in the subloop in order to ensure spectral compatibility with the systems connected at the central office (CO). 11.4.1 Standardized PSD class masks The PSD class masks are defined in the ITU-T G.993.2 standard. According to the standard, the masks have a class ID number between 0 and 99. Class ID number is used MN DB use. Since these masks reflect the standard, they cannot be modified. All other types of PSD masks have class ID number 100. The PSD class masks have the same class ID number and name for both transmission directions because they are inherently dependant. When a PSD class mask is chosen for one transmission direction, it is chosen for another direction as well. Step 1 Mode (EV)# Command show dsl psd-class-mask all Purpose Display all PSD class masks
(EV)# show dsl psd-class-mask all PSD Class Mask Class ID Currently in Use --------------------------------------------------------------997E17_M2x_A 45 No 997_M1c_A_7 37 No 997_M1x_M 39 No 997_M1x_M_8 38 No 997_M2x_A 41 No 997_M2x_M 42 No 997_M2x_M_8 40 No 998ADE17_M2x_A 31 No 998ADE17_M2x_B 32 No 998ADE17_M2x_NUS0_M 30 No 998E17_M2x_NUS0 28 Yes 998E17_M2x_NUS0_M 29 No 998_M1x_A 21 No 998_M1x_B 22 No 998_M1x_NUS0 23 No 998_M2x_A 24 No 998_M2x_B 26 No
User guide (CLI)
159
25 27 43 44 No No No No
998_M2x_M 998_M2x_NUS0 HPE17_M1_NUS0 HPE30_M1_NUS0
11.4.1.1 Assigning a PSD class mask to a specific interface Once a PSD class mask is assigned to a specific port, you can further apply custom PSD masks over it and modify the settings.
Note: When you assign a PSD class mask to an interface, the port will go to retrain.
Note: When you assign a PSD class mask to an interface, any previously assigned custom PSD mask (both, upstream and downstream) will be cleared. To assign a standardized PSD class mask to a specific interface: Step 1 2 3 Mode (EV)# (EV)(Config)# (EV)(Interface 0/x)# Command configure interface <interface> dsl port psd-class-mask <name> Purpose Enter configuration mode. Enter interface mode Assign a <name> class mask to the specified interface.
Example: (EV)# configure (EV)(Config)# interface 0/5 (EV)(Interface 0/5)# dsl port psd-class-mask 997_M2x_M 11.4.2 Custom PSD masks PSD mask name for DS can be the same as for US since masks are distinguished by the ds|us option specifier. 11.4.2.1 Downstream PSD masks Step 1 Mode (EV)# Command show dsl psd-mask ds all Purpose Display all downstream PSD masks
Downstream PSD mask Class ID Currently in Use ---------------------------------------------------------------------------Custom_b997_M1c_A_7 100 Default No Custom_b997_M1x_M 100 Default No Custom_b997_M1x_M_8 100 Default No Custom_b997_M2x_A 100 Default No Custom_b997_M2x_M 100 Default No Custom_b997_M2x_M_8 100 Default No Custom_b998ADE17_M2x_A 100 Default No Custom_b998ADE17_M2x_B 100 Default No
160
100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 Default Default Default Default Default Default Default Default Default Default Default Default Default Default Default No No No No No No No No No No No No No No No
User guide (CLI)
Custom_b998ADE17_M2x_NUS0_M Custom_b998E17_M2x_NUS0 Custom_b998E17_M2x_NUS0_M Custom_b998_M1x_A Custom_b998_M1x_B Custom_b998_M1x_NUS0 Custom_b998_M2x_A Custom_b998_M2x_B Custom_b998_M2x_M Custom_b998_M2x_NUS0 Custom_bHPE17_M1_NUS0 DS_Custom_01 DS_Custom_02 DS_Custom_03 empty 11.4.2.2 Upstream PSD masks Step 1 Mode (EV)#
Command show dsl psd-mask us all
Purpose Display all upstream PSD masks
Upstream PSD mask Class ID Currently in Use ---------------------------------------------------------------------------Custom_b997_M1c_A_7 100 Default No Custom_b997_M1x_M 100 Default No Custom_b997_M1x_M_8 100 Default No Custom_b997_M2x_A 100 Default No Custom_b997_M2x_M 100 Default No Custom_b997_M2x_M_8 100 Default No Custom_b998ADE17_M2x_A 100 Default No Custom_b998ADE17_M2x_B 100 Default No Custom_b998ADE17_M2x_NUS0_M 100 Default No Custom_b998E17_M2x_NUS0 100 Default No Custom_b998E17_M2x_NUS0_M 100 Default No Custom_b998_M1x_A 100 Default No Custom_b998_M1x_B 100 Default No Custom_b998_M1x_NUS0 100 Default No Custom_b998_M2x_A 100 Default No Custom_b998_M2x_B 100 Default No Custom_b998_M2x_M 100 Default No Custom_b998_M2x_NUS0 100 Default No Custom_bHPE17_M1_NUS0 100 Default No US_Custom_01 100 Default No US_Custom_02 100 Default No US_Custom_03 100 Default No empty 100 Default No
User guide (CLI)
161
11.4.2.3 Displaying detailed information of a PSD mask To display a detailed description of a specified PSD mask: Step 1 Mode (EV) # Command show dsl psd-mask ds|us <name> Purpose Display detailed information of a DS or US mask
Example: (EV)# show dsl psd-mask us Custom_b997_M1c_A_7 PSD Mask Name: Transmission Direction: PSD Mask Class ID: PSD Mask Type: DSL Ports Where Used: Detailed Description: Frequency[kHz], Carrier, Level [dBm/Hz] --------------------------------------------------4.3125 1 -93 25.875 6 -35 138 32 -35 228.562 53 -80 245.812 57 -94 690 160 -100 2829 656 -100 3001.5 696 -80 3001.5 696 -57 5101.69 1183 -57 5101.69 1183 -80 8504.25 1972 -80 5278.5 1224 -100 30002.1 6957 -100 11.4.2.4 Creating a custom PSD mask You can create a new US or DS PSD mask which adopts parameter values of the default PSD mask or of any existing custom mask that you specify. Additionally, add, delete or modify the parameter values frequency and max transmission power - according to your needs (See the section Modifying the frequency and max ). To create a new US PSD mask with parameter values adopted from the default values: Step 1 2 Mode (EV) # (EV)(Config) # Command configure dsl psd-mask us <new name> [from <name>] Purpose Enter configuration mode. Create a <new_name> mask with parameter values adopted from the default PSD mask. Use the option from <name>, to create a mask with values adopted from the specified PSD mask. Custom_b997_M1c_A_7 Upstream 100 Default
162
User guide (CLI)
11.4.2.5 Modifying the frequency and max transmission power You can modify the frequency (in KHz) and the power spectrum density (in dBm/Hz). Entered frequency can be arbitrary; however, the application rounds it down to the nearest valid frequency. Valid frequencies are a multiplier of the frequency band of the sub-carrier which is 4135Hz. Maximum valid frequency is currently 30000kHz. The valid power spectrum density values range from 0dBm/Hz to -127.5dBm/Hz (the value 0dBm/Hz represents maximal transmission power per Hz of bandwidth (1mW), while the value127.5dBm/Hz virtually means no transmission power).
Note: When you modify the PSD, all lines where this PSD mask is used will go to retrain.
Step 1 2
Mode (EV) # (EV)(Config) #
Command configure dsl psd-mask us <name> <frequency><level>
Purpose Enter configuration mode. Modify the frequency kHz (<frequency> in kHz) and power spectrum density (<level> in dBm/Hz) of the specified PSD mask.
11.4.2.6 Assigning a PSD mask to a specific interface You can assign an upstream or a downstream PSD mask to a specific interface.
Note: By default, a PSD class mask 998E17_M2x_NUS0 is assigned to all interfaces.
Note: When you assign a PSD mask to an interface, the port will go to retrain.
To assign a PSD mask to a specific interface: Step 1 2 3 Mode (EV) # (EV)( Config) # (EV)( Interface 0/x) # Command configure interface <interface> dsl port psd-mask ds|us <name> Purpose Enter configuration mode. Enter interface mode Assign a PSD mask <name> to the specified interface.
11.4.2.6.1 Displaying assigned PSD masks to all interfaces To display all interfaces with PSD masks assigned: Step 1 Mode (EV) # Command show dsl port psd-mask all Purpose Display PSD masks for all interfaces. This command displays both upstream and downstream PSD masks assigned.
User guide (CLI)
163
Example: (EV)# show dsl port psd-mask all Port Upstream PSD Mask Type PSD Class Mask ----------------------------------------------------------------------------0/1 No custom PSD mask assigned. 998E17_M2x_NUS0 0/2 No custom PSD mask assigned. 998E17_M2x_NUS0 0/3 No custom PSD mask assigned. 998E17_M2x_NUS0 0/4 No custom PSD mask assigned. 998E17_M2x_NUS0 0/5 Custom_b998_M2x_NUS0 Default 997_M2x_M 0/6 No custom PSD mask assigned. 998E17_M2x_NUS0 0/7 No custom PSD mask assigned. 998E17_M2x_NUS0 0/8 No custom PSD mask assigned. 998E17_M2x_NUS0 0/9 No custom PSD mask assigned. 998E17_M2x_NUS0 0/10 No custom PSD mask assigned. 998E17_M2x_NUS0 0/11 No custom PSD mask assigned. 998E17_M2x_NUS0 0/12 No custom PSD mask assigned. 998E17_M2x_NUS0 0/13 No custom PSD mask assigned. 998E17_M2x_NUS0 0/14 No custom PSD mask assigned. 998E17_M2x_NUS0 0/15 No custom PSD mask assigned. 998E17_M2x_NUS0 0/16 No custom PSD mask assigned. 998E17_M2x_NUS0 0/17 No custom PSD mask assigned. 998E17_M2x_NUS0 0/18 No custom PSD mask assigned. 998E17_M2x_NUS0 0/19 No custom PSD mask assigned. 998E17_M2x_NUS0 0/20 No custom PSD mask assigned. 998E17_M2x_NUS0 0/21 No custom PSD mask assigned. 998E17_M2x_NUS0 0/22 No custom PSD mask assigned. 998E17_M2x_NUS0 0/23 No custom PSD mask assigned. 998E17_M2x_NUS0 0/24 No custom PSD mask assigned. 998E17_M2x_NUS0 0/25 No custom PSD mask assigned. 998E17_M2x_NUS0 0/26 No custom PSD mask assigned. 998E17_M2x_NUS0 0/27 No custom PSD mask assigned. 998E17_M2x_NUS0 0/28 No custom PSD mask assigned. 998E17_M2x_NUS0 0/29 No custom PSD mask assigned. 998E17_M2x_NUS0 0/30 No custom PSD mask assigned. 998E17_M2x_NUS0 0/31 No custom PSD mask assigned. 998E17_M2x_NUS0 0/32 No custom PSD mask assigned. 998E17_M2x_NUS0 Port Downstream PSD Mask Type PSD Class Mask ----------------------------------------------------------------------------0/1 No custom PSD mask assigned. 998E17_M2x_NUS0 0/2 No custom PSD mask assigned. 998E17_M2x_NUS0 0/3 No custom PSD mask assigned. 998E17_M2x_NUS0 0/4 No custom PSD mask assigned. 998E17_M2x_NUS0 0/5 No custom PSD mask assigned. 997_M2x_M 0/6 No custom PSD mask assigned. 998E17_M2x_NUS0 0/7 No custom PSD mask assigned. 998E17_M2x_NUS0 0/8 No custom PSD mask assigned. 998E17_M2x_NUS0 0/9 No custom PSD mask assigned. 998E17_M2x_NUS0 0/10 No custom PSD mask assigned. 998E17_M2x_NUS0 0/11 No custom PSD mask assigned. 998E17_M2x_NUS0 0/12 No custom PSD mask assigned. 998E17_M2x_NUS0 0/13 No custom PSD mask assigned. 998E17_M2x_NUS0 0/14 No custom PSD mask assigned. 998E17_M2x_NUS0
164
No No No No No No No No No No No No No No No No No No custom custom custom custom custom custom custom custom custom custom custom custom custom custom custom custom custom custom PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD PSD mask mask mask mask mask mask mask mask mask mask mask mask mask mask mask mask mask mask assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned. assigned.
User guide (CLI)
0/15 0/16 0/17 0/18 0/19 0/20 0/21 0/22 0/23 0/24 0/25 0/26 0/27 0/28 0/29 0/30 0/31 0/32
998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0 998E17_M2x_NUS0
11.4.2.6.2 Displaying a PSD mask assigned to a specific interface Step 1 Mode (EV) # Command show dsl port psd-mask <interface> Purpose Display a PSD mask assigned to a specific interface. This command displays both upstream and downstream PSD masks assigned
Example: (EV)# show dsl port psd-mask 0/5 Port: 0/5
Upstream Transmission Direction: PSD PSD PSD PSD Mask Name: Mask Class ID: Mask Type: Class Mask: Custom_b998_M2x_NUS0 100 Default 997_M2x_M
Downstream Transmission Direction: PSD PSD PSD PSD Mask Name: Mask Class ID: Mask Type: Class Mask: No custom PSD mask has been assigned.
997_M2x_M
Detailed Description: ------------------------------------------------------------Upstream Transmission Direction: Custom_b998_M2x_NUS0
User guide (CLI)
165
Frequency[kHz], Carrier, Level [dBm/Hz] ------------------------------------------------4.3125 1 -100 3575.06 829 -100 3751.88 870 -80 3751.88 870 -52 5200.88 1206 -53 5377.69 1247 -100 8504.25 1972 -80 8504.25 1972 -55 12001.7 2783 -56 12001.7 2783 -80 12178.5 2824 -100 No custom PSD mask has been assigned.
12 Managing alarms and diagnostic tests

This chapter describes how to manage the alarms and diagnostic tests. This chapter consists of the following sections: Understanding Configuring the alarms Configuring the diagnostic tests
12.1 Understanding
12.1.1 Alarms The errors trigger alarms that are displayed in the Fault Monitor System (FMS). The priority of an alarm matches the priority of the error that triggered it. You can configure alarm filter, alarm severity and error measure activity. 12.1.2 Diagnostic tests The diagnostic tests are used for detecting errors, and for determining HW and SW states during the normal system operation. They are executed in cycles according to a schedule. Test results are the basis for diagnostic messages produced by the test software (INTPO). The task of the diagnostic messages is to provide information on the error type, error location, alarm priority and the time of error occurrence, or status. Diagnostic messages can be error, status or alarm messages and are written to the system disk files. The messages are intended for viewing the alarms in the Fault Monitor System. Table 12-1: List of on-line diagnostic tests Test Code 8 139 145 178 188 Diagnostic Test Disk usage test Module overheating control Module equipment test Real-time clock test Disk consistency test Short description Cyclic checks of available disk capacity. Cyclic checks of module temperature. Cyclic checks of module equipment. Cyclic checks of real-time clock. Cyclic checks of disk consistency.
166
User guide (CLI)
12.2 Configuring the alarms

12.2.1 Configuring the alarm filter This operation configures list of administratively blocked alarms. <code-mask> is the alarm code pattern where regular expression describes one or more alarm codes. <object> is the object Id pattern where regular expression describes one or more test objects. To configure the alarm filter: Step 1 2 Mode (EV)# (EV) (Diagnostics)# Command diagnostics set alarm-filter code <codemask> object <object> Purpose Enter into global diagnostics mode. Add alarm filter.
Example: (EV)# diagnostics (EV)(Diagnostics)#set alarm-filter code 007 object 3 12.2.1.1 Displaying the alarm filter To display alarm filter: Step 1 Mode (EV) # Command show alarm-filters Purpose Display alarm filter.
Example: (EV)# show alarm-filters Alarm Code Pattern Object Id Pattern -------------------- -----------------------290007[0-3] filtered object 007[0-3].* filtered object 07[678].* filtered object 12.2.2 Configuring the alarm severity This operation adds an on-object severity. Values for severity are: critical, major, minor or warning. <code> is alarm code while <object> is object Id pattern where regular expression describes one or more test objects. To configure the alarm severity: Step 1 2 Mode (EV)# (EV) (Diagnostics)# Command diagnostics set alarm-severity <severity> code <code> object <object> Purpose Enter into global diagnostics mode. Add alarm severity.
User guide (CLI)
167
Example: (EV)# diagnostics (EV)(Diagnostics)# set alarm-severity minor code 2900073 object 4 12.2.2.1 Displaying the alarm severities To display alarm severities: Step 1 Mode (EV) # Command show alarm-severities Purpose Display alarm severities.
Example: (EV)# show alarm-severities Alarm Code Severity Object Id Pattern ------------ ------------- ----------------------------2900071 major priority object 1 2900072 major priority object 2 2900073 major priority object 3
12.2.3 Configuring the error measure activity This operation enables error measure activity. <code> is the alarm code pattern. To enable measure activity: Step 1 2 Mode (EV)# (EV) (Diagnostics)# Command diagnostics set error-measure code <code> Purpose Enter into global diagnostics mode. Enable measure activity.
Example: (EV)# diagnostics (EV)(Diagnostics)#set error-measure code 1300030 12.2.4 Displaying the alarm list To display a list of all possible alarms: Step 1 Mode (EV) # Command show alarm-list Purpose Display alarm-list.
Example: (EV)# show alarm-list

Alarm Code -----------100010 600010 600020 600030 Severity ------------Warning Major Critical Major Error Description Measure --------------------------------------------- --------Console reset 31 Free disk size low threshold exceeded 1 Free disk size threshold exceeded critical 113 File system failure 1 Measure -------1 Enable Enable Enable Enable
168
User guide (CLI)
1300010 1300030 1300040 2200020 2200030 2200040 2200050 2200060 2200070 2200080 2200090 2200130 2200140 2200170 2200280 2200290 2200300 2200310 2200420 2200430 2200440 2200450 2200460 2200480
Critical Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor Minor
Real-time clock not correct NTP server is not responding NTP synchronization not running Failure in port activation process Far-end loss of power failure Near-end loss of signal failure Far-end loss of signal failure Near-end loss of frame failure Far-end remote failure indication Near-end SNR threshold margin exceeded Far-end SNR threshold margin exceeded Far-end loss of frame Near-end loss of power Port unstable Loss of cell delineation on near-end Loss of cell delineation on far-end No cell delineation on near-end No cell delineation on far-end Failure due to near-end excessive severe erro Failure due to far-end excessive severe error Initial configuration failed Initial configuration not feasible Initialization failed due to persistent proto No modem detected
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable
12.2.5 Displaying recently reported alarms To display a summary of recently reported alarms. Alarms are listed in the same order as they occurred: Step 1 Mode (EV) # Command show alarms Purpose Display alarms.
Example: (EV)# show alarms

Alarm Code Severity Error Description DM DC Object Identity ----------------------------------------------------------------------------------------------2200480 Minor No modem detected 13 0 SGR01.Slot0/Port27 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port28 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port29 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port30 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port31 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port32 ----------------------------------------------------------------------------------------------33 total alarms: 0 critical, 1 major, 32 minor, 0 warning(s), 0 indeterminate ------------------------------------------------------------------------------------------------Legende: DM = Diagnostic module, DC = Diagnostic component
User guide (CLI)
169
12.2.6 Displaying the alarm detail To display currently reported alarms in detail: Step 1 Mode (EV) # Command show alarms detail Purpose Display alarms in detail.
Example: (EV)# show alarms detail

Alarm Code Attributes Severity Error Description DM DC Object Identity ------------ ------------- --------------------------------------------- -- -- -----------------2200480 Minor No modem detected 13 0 SGR01.Slot0/Port29 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port30 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port31 2200480 Minor No modem detected 13 0 SGR01.Slot0/Port32 1100070 Major Temperature sensor not responding 13 13 SGR01.Board1 ------------------------------------------------------------------------------------------------33 total alarms: 0 critical, 1 major, 32 minor, 0 warning(s), 0 indeterminate 0 filtered alarms: 0 critical, 0 major, 0 minor, 0 warning(s), 0 indeterminate 0 local alarms: 0 critical, 0 major, 0 minor, 0 warning(s), 0 indeterminate ------------------------------------------------------------------------------------------------Legende: DM = Diagnostic module, DC = Diagnostic component , Loc = Local, Flt = Filtered, Chg = Changed severity
12.3 Configuring the diagnostic tests

12.3.1 Configuring activity of a diagnostic test This operation enables or disables diagnostic test. <test> is the diagnostic test program. To enable activity of a diagnostic test: Step 1 2 Mode (EV)# (EV) (Diagnostics)# Command diagnostics set test <test> activity <activity> Purpose Enter into global diagnostics mode. Set the test execution to enable or disable.. Possible test code are 8, 139, 145, 178 and 188.
Example: (EV)# diagnostics (EV)(Diagnostics)#set test 8 activity enable 12.3.2 Configuring priority of a diagnostic test This operation adds priority to a diagnostic test program. Values for priority are: very-high, high, medium or low.
170
User guide (CLI)
To configure the diagnostic test priority: Step 1 2 Mode (EV)# (EV) (Diagnostics)# Command diagnostics set test <test> priority <priority> Purpose Enter into global diagnostics mode. Add diagnostic test priority.
Example: (EV)# diagnostics (EV)(Diagnostics)#set test 8 priority high 12.3.3 Configuring the cyclic time of a diagnostic test This operation configures cyclic time of a diagnostic test program. The <time> parameter must be within the range of 1 to 1,000,000,000 miliseconds. To configure the diagnostic test cyclic time: Step 1 2 Mode (EV)# (EV) (Diagnostics)# Command diagnostics set test <test> time <time> Purpose Enter into global diagnostics mode. Set cyclic time for test.
Example: (EV)# diagnostics (EV)(Diagnostics)#set test 8 time 100000 12.3.4 Displaying the diagnostic test programs To display a list of all diagnostic test programs: Step 1 Mode (EV) # Command show test Purpose Display diagnostic test programs.
Example: (EV)# show test

Test Code ---------8 178 139 145 188 Test Name Time/Period Activity ------------------------ ------------- ---------diskUsageTest 0:01:00.00 Enable RtcControl 0:00:02.50 Enable sgrTemperatureTest 0:02:00.00 Enable sgrEquipmentTest 24:00:00.00 Enable diagDiskFSfunc 24:00:00.00 Enable Priority ---------medium medium medium medium high Running Mode --------------------SGR:cyclic sgr:cyclic SGR:cyclic sgr:cyclic SGR:cyclic sgr:cyclic SGR:cyclic sgr:cyclic SGR:cyclic sgr:cyclic
User guide (CLI)
171
13 Managing DSL tests

This chapter describes how to manage the DSL tests. This chapter consists of the following sections: Understanding Starting SELT tests Starting DELT tests Displaying OLT results
13.1 Understanding
There are two types of DSL tests: On demand tests (ODOLT) SELT and DELT, which must be started before you obtain results, Online tests (OLT), which is running permanently and you can obtain results immediately. 13.1.1 SELT test Single Ended Line Test (SELT) is a command to test and record the copper metrics of a telephone local loop. SELT is being standardized by the ITU-T Study Group 15, Question 4 working group as working document G.selt. In general, SELT is more useful for pre-installation loop qualification because the remote end need not be connected. 13.1.2 DELT test The standards ITU-T G.992.3 and ITU-T G.992.5 contain the DELT (Double Ended Line Testing) diagnostic test that is used when the line is of poor quality, and the operation mode of the receivetransmit unit cannot be established to ensure data transfer (showtime), or when the desired bit rate is not achieved. If the line is of poor quality, then the DELT is usually started by the maintenance staff who manage the network element. 13.1.3 OLT tests Online tests (OLT) display the last obtained results according to the selected parameter.
13.2 Starting SELT tests

Note: In order to successfully start the SELT test, DSL port must be in Quiet state (no CPE or no active CPE present). To start the SELT test on a DSL port: Step 1 2 3 Mode (EV) # (EV)(Config) # (EV)(Interface x/x) # Command configure interface <interface> dsl port selt active Purpose Enter configuration mode. Enter interface mode. Start SELT test on DSL port.
172
User guide (CLI)
Example: (EV)#configure (EV)(Config)#interface 0/2 (EV)(Interface 0/2)#dsl port selt active
Note: SELT test may take a few minutes to complete, typically around 2 minutes.
13.2.1 Displaying the SELT test results To display the last obtained SELT results: Step 1 Mode (EV) # Command show dsl port selt <interface> Purpose Display SELT test results.
Example: (EV) #show dsl port selt 0/2 Port:.............................0/2 Loop type:........................PE 0.5 mm Loop length:......................219 m Loop length fit error:............0 % Loop termination:.................Unknown Noise type:.......................0 DS Capacity:......................143940 kbps DS Noise margin:..................6 dB DS Number of tones used:..........2399 US Capacity:......................96540 kbps US Noise margin:..................6 dB US Number of tones used:..........1609
Note: Capacity is calculated under the assumption of Additive white Gaussian noise (AWGN) of PSD level of -140dBm/Hz.
13.3 Starting DELT tests

Note: In order to successfully start the DELT test, DSL port must be in one of active showtime modes. To start the DELT test on DSL port: Step 1 2 3 Mode (EV) # (EV)(Config) # (EV)(Interface x/x) # Command configure Interface <interface> dsl port delt active Purpose Enter configuration mode. Enter interface mode. Start DELT test on DSL port.
User guide (CLI)
173
Example: (EV)#configure (EV)(Config)#interface 0/1 (EV)(Interface 0/1)#dsl port delt active
Note: DELT test may take a few minutes to complete, typically around 3 minutes.
13.3.1 Displaying the DELT status results To display the last obtained DELT status results : Step 1 Mode (EV) # Command show dsl port delt status <interface> Purpose Display DELT status results.
Example: (EV)#show dsl port delt status 0/1 Port:.................................................0/1 Sub-carrier status: Downstream: Scale factor for linear H(f):..........................15131 Number of sub-carrier groups for linear H(f):..........1 Number of symbols used to measure logaritmic H(f):.....4000 Number of sub-carrier groups for logaritmic H(f):......1 Number of symbols used to measure the QLN(f):..........4000 Number of sub-carrier groups for QLN(f):...............1 Number of symbols used to measure the SNR(f):..........4000 Number of sub-carrier groups for SNR(f):...............8 Maximum attainable data rate:..........................89080 kbps Upstream: Scale factor for linear H(f):..........................33850 Number of sub-carrier groups for linear H(f):..........1 Number of symbols used to measure logaritmic H(f):.....4000 Number of sub-carrier groups for logaritmic H(f):......1 Number of symbols used to measure the QLN(f):..........4000 Number of sub-carrier groups for QLN(f):...............1 Number of symbols used to measure the SNR(f):..........4000 Number of sub-carrier groups for SNR(f):...............8 Maximum attainable data rate:..........................52332 kbps
13.3.2 Displaying the DELT band results To display the last obtained DELT band results: Step 1 Mode (EV) # Command show dsl port delt band <interface> Purpose Display DELT band results.
174
User guide (CLI)
Example: (EV)#show dsl port delt band 0/1 Port: 0/1 Band Line Attenuation [dB] Signal Attenuation [dB] ----------------------------------------------------------------------------US All 3.5 3.5 DS All 7.7 7.6 13.3.3 Displaying the DELT segment results Full VDSL2 spectrum consists of 4096 carriers which are divided into 8 segments of 512 subcarriers. The <parameter> option can be: log: option displays logarithmic transfer function with respect to the carriers in the selected segment, qln: option displays quiet line noise function and snr: option displays signal to noise ratio function with respect to the carriers in the selected segment. The <segment> option is an integer from the set {1,2,...,8}. To display the last obtained DELT segment results: Step 1 Mode (EV) # Command show dsl port delt segment <segment> <parameter> <interface> Purpose Display DELT segment results.
Note: The ------ in the display means that the measurement could not be done for specific subcarriers either because the measured value is outside the represented range, or outside the PSD mask passband. 13.3.3.1 Example for logarithmic transfer function
(EV)#show dsl port delt segment 1 log 0/1

Port: 0/1 Logaritmic transfer function in dB for downstream on the segment 1: Carriers Hlog(carrier) ----------------------------------------------------------------------------------1 9 ------ ------ ------ ------ ------8.7 -7.8 -7.2 -6.9 10 19 -6.7 -6.7 -6.7 -6.8 -6.9 -6.8 -6.7 -6.7 -6.7 -6.7 20 29 -6.8 -6.9 -6.9 -7.0 -7.1 -7.1 -7.2 -7.1 -7.1 -7.2 30 39 -7.2 -7.2 -7.2 -7.2 -7.2 -7.2 -7.3 -7.3 -7.3 -7.3 40 49 -7.3 -7.4 -7.4 -7.4 -7.4 -7.4 -7.4 -7.5 -7.5 -7.5 50 59 -7.5 -7.5 -7.5 -7.6 -7.5 -7.6 -7.6 -7.6 -7.6 -7.6 60 69 -7.6 -7.7 -7.7 -7.7 -7.7 -7.7 -7.7 -7.7 -7.7 -7.7
User guide (CLI)
175
........ Skipped output to save space........

480 490 500 510 489 499 509 512 -20.6 -21.0 -21.0 -21.8 -20.7 -20.7 -21.0 -20.9 -21.1 -21.2 -21.8 ------20.8 -21.0 -21.3 -20.8 -21.0 -21.4 -20.8 -21.0 -21.5 -20.8 -20.9 -21.6 -20.9 -20.9 -21.7 -20.9 -20.9 -21.7 -20.9 -20.9 -21.7
Logaritmic transfer function in dB for upstream on the segment 1: Carriers Hlog(carrier) ----------------------------------------------------------------------------------1 9 ------ ------ ------ ------ ------ ------ ------ ------ -----10 19 ------ ------ ------ ------ ------ ------ ------ ------ ------ -----20 29 ------ ------ ------ ------ ------ ------ ------ ------ ------ ------

370 379 380 389 390 399 400 409 410 419 420 429 430 439 440 449 450 459 460 469 470 479 480 489 490 499 500 509 510 512 -1.1 -0.6 -0.4 -0.3 --------------------------------------------------------1.0 -0.6 -0.4 -0.3 --------------------------------------------------------1.0 -0.6 -0.4 -0.3 --------------------------------------------------------0.9 -0.6 -0.3 -0.2 ---------------------------------------------------0.9 -0.5 -0.3 -0.2 ---------------------------------------------------0.8 -0.5 -0.3 -0.2 ---------------------------------------------------0.8 -0.5 -0.3 -0.2 ---------------------------------------------------0.8 -0.5 -0.3 --------------------------------------------------------0.7 -0.4 -0.3 --------------------------------------------------------0.7 -0.4 -0.3 --------------------------------------------------------
13.3.3.2 Example for quiet line noise function (EV)#show dsl port delt segment 1 qln 0/1
Port: 0/1 Quiet line noise function in dBm/Hz for downstream on the segment 1: Carriers Qln(carrier) ----------------------------------------------------------------------------------1 9 ------ ------ ------ ------ ------ -133.0 -131.5 -130.0 -129.5 10 19 -129.0 -128.5 -128.0 -127.5 -127.0 -126.5 -125.5 -126.5 -126.0 -125.0 20 29 -124.0 -124.5 -123.5 -123.5 -123.5 -123.0 -123.0 -122.5 -123.0 -122.0 30 39 -121.5 -121.5 -121.5 -121.0 -121.0 -120.5 -120.0 -120.5 -119.0 -120.0 40 49 -119.5 -119.5 -119.0 -119.0 -120.0 -120.0 -119.5 -119.0 -119.0 -119.5

490 500 510 499 509 512 -121.0 -120.5 -121.0 -121.0 -121.0 -121.0 -121.0 -121.5 -121.5 -120.5 -121.5 -121.5 -121.0 -121.5 -121.5 -122.0 -122.0 -122.0 -122.0 -122.5 -122.5 -123.5 ------
176
User guide (CLI)
Quiet line noise function in dBm/Hz for upstream on the segment 1: Carriers Qln(carrier) ----------------------------------------------------------------------------------1 9 ------ ------ ------ ------ ------ ------ ------ ------ -----10 19 ------ ------ ------ ------ ------ ------ ------ ------ ------ -----20 29 ------ ------ ------ ------ ------ ------ ------ ------ ------ ------

370 380 390 400 410 420 430 440 450 460 470 480 490 500 510 379 389 399 409 419 429 439 449 459 469 479 489 499 509 512 -102.0 -103.5 -104.0 -104.0 --------------------------------------------------------102.0 -102.5 -104.5 -104.5 --------------------------------------------------------102.0 -103.5 -104.0 -104.5 --------------------------------------------------------102.5 -104.0 -104.5 -104.5 ---------------------------------------------------102.5 -102.5 -104.5 -104.0 ---------------------------------------------------102.5 -104.0 -104.5 -104.5 ---------------------------------------------------102.0 -102.5 -104.0 -120.0 ---------------------------------------------------102.5 -103.0 -104.5 --------------------------------------------------------102.0 -104.5 -105.0 --------------------------------------------------------102.0 -104.5 -104.0 --------------------------------------------------------
13.3.3.3 Example for signal to noise ratio function
(EV)#show dsl port delt segment 3 snr 0/1

Port: 0/1 Signal-to-noise ratio function in dB for downstream on the segment 3: Carriers SNR(carrier) ----------------------------------------------------------------------------------1025 1033 ------ ------ ------ ------ ------ ------ ------ ------ -----1034 1043 ------ ------ ------ ------ ------ ------ ------ ------ ------ -----1044 1053 ------ ------ ------ ------ ------ ------ ------ ------ ------ ------

1504 1514 1524 1534 1513 1523 1533 1536 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0 43.0
Signal-to-noise ratio function in dB for upstream on the segment 3: Carriers SNR(carrier) -----------------------------------------------------------------------------------
User guide (CLI)
177
1025 1033 1034 1043 1044 1053
46.0 47.0 47.0
46.0 47.0 47.0
46.0 47.0 47.0
46.0 47.0 47.0
46.0 47.0 47.0
46.0 47.0 47.0
46.0 47.0 47.0
46.0 47.0 47.0
47.0 47.0 47.0
47.0 47.0

1504 1514 1524 1534 1513 1523 1533 1536 ---------------------------------------------- ------ ------ ------ ------ ------ ------ ----------- ------ ------ ------ ------ ------ ------ ----------- ------ ------ ------ ------ ------ ------ -----------
13.4 Displaying OLT results

The <parameter> option can be: bit: option displays bit allocation function with respect to the carriers in the selected segment, gain: option displays gain allocation function, snr: option displays signal to noise ratio function with respect to the carriers in the selected segment. The <segment> option is an integer from the set {1,2,...,8}. Full VDSL2 spectrum consists of 4096 carriers which are divided into 8 segments of 512 subcarriers. The <segment> option thus represents one of these 8 segments. To display the last obtained online test (OLT) results: Step 1 Mode (EV) # Command show dsl port olt <parameter> <segment> <interface> Purpose Display OLT results.
Note: The ------ in the display means that the measurement could not be done for specific subcarriers either because the measured value is outside the represented range, or outside the PSD mask passband. 13.4.1 Example for bit allocation function
(EV)#show dsl port olt bit 2 0/1

Port: 0/1 Bits per carrier for downstream on the segment 2: Carriers Bits(carrier) -----------------------------------------------------513 521 15 15 15 15 15 15 15 15 15 522 531 15 15 15 15 15 15 15 15 15 15 532 541 15 15 15 15 15 15 15 15 15 15 542 551 15 15 15 15 15 15 15 15 15 15

1002 1011 1012 1021 1022 1024 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
178
User guide (CLI)
Bits per carrier for upstream on the segment 2: Carriers Bits(carrier) -----------------------------------------------------513 521 0 0 0 0 0 0 0 0 0 522 531 0 0 0 0 0 0 0 0 0 0 532 541 0 0 0 0 0 0 0 0 0 0

992 1001 1002 1011 1012 1021 1022 1024 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 13
13.4.2 Example for bit allocation function
(EV)#show dsl port olt gain 2 0/1

Port: 0/1 Gain per carrier in dB for downstream on the segment 2: Carriers SNR(carrier) -----------------------------------------------------513 521 43 56 38 31 64 59 81 67 522 531 121 72 89 102 52 107 83 70 532 541 101 99 72 64 61 130 78 230
86 80 67
80 38

992 1001 1002 1011 1012 1021 1022 1024 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Gain per carrier in dB for upstream on the segment 2: Carriers SNR(carrier) -----------------------------------------------------513 521 0 0 0 0 0 0 0 0 522 531 0 0 0 0 0 0 0 0 532 541 0 0 0 0 0 0 0 0
0 0 0
0 0

992 1001 1002 1011 1012 1021 1022 1024 197 218 209 231 219 197 221 226 223 205 210 221 214 226 204 226 230 218 223 217 225 217 229 225 198 232 216 210 209 203 204 203 192
User guide (CLI)
179
13.4.3 Example for signal to noise ratio function
(EV)#show dsl port olt snr 2 0/1

Port: 0/1 SNR function per carrier in dB for downstream on the segment 2: Carriers SNR(carrier) -----------------------------------------------------513 521 52.5 52.5 52.5 52.5 52.5 52.5 522 531 52.0 52.0 52.0 52.0 52.0 52.0
52.5 52.0
52.5 52.0
52.0 52.0
52.0

992 1001 1002 1011 1012 1021 1022 1024 ------ ------ ------ ------ ------ ------ ------ ------ ------ ----------- ------ ------ ------ ------ ------ ------ ------ ------ ----------- ------ ------ ------ ------ ------ ------ ------ ------ ----------- ------ ------
SNR function per carrier in dB for upstream on the segment 2: Carriers SNR(carrier) -----------------------------------------------------513 521 ------ ------ ------ ------ ------ ------ ------ ------ -----522 531 ------ ------ ------ ------ ------ ------ ------ ------ ------ -----532 541 ------ ------ ------ ------ ------ ------ ------ ------ ------ ------

982 992 1002 1012 1022 991 1001 1011 1021 1024 51.0 51.0 51.5 51.5 50.5 51.5 52.0 51.5 51.0 51.0 51.5 51.5 51.5 51.0 51.0 51.5 51.5 51.0 51.0 51.5 51.5 51.0 51.0 51.0 51.5 51.5 51.5 51.5 51.5 50.5 51.5 51.5 51.5 50.5 51.0 51.0 51.5 51.0 50.5 51.5 51.5 51.0 51.5
180
User guide (CLI)
Iskratel d.o.o., Kranj
Ljubljanska c. 24a, SI 4000 Kranj, Slovenia phone: +386 (0)4 207 2000, fax: +386 (0)4 207 2712
e-mail: info@iskratel.si www.iskratel.com
Iskratel Electronics, Ljubljanska cesta 24a, SI 4000 Kranj, Slovenia, phone: +386 (0)4 207 21 13, fax: +386 (0)4 207 15 35, e-mail: info-ite@iskratel.si, www.iskratel-electronics.si Iskrateling, Ljubljanska cesta 24a, SI 4000 Kranj, Slovenia, phone: +386 (0)4 207 62 76, fax: +386 (0)4 207 62 77, e-mail: info@iskrateling.si, www.iskrateling.com Monis, Oktyabrskoy revolucii str. 99, UA 61157 Harkov, Ukraine, phone: +380 577 15 80 00, fax: +380 577 15 80 16, e-mail: monis@monis.com.ua, www.monis.com.ua Iskrauraltel, Komvuzovskaya str. 9a, 620137 Yekaterinburg, Russian Federation, phone: +7 343 210 69 51, fax: +7 343 341 52 40, e-mail: iut@iskrauraltel.ru, www.iskrauraltel.ru Iskrabel, Harkovskaya str. 1/601, BY - 220073 Minsk, Belarus, phone: +375 17 213 03 36, fax: +375 17 251 74 59, e-mail: pihtin@iskrabel.by Iskracom, Naurizbay batyra 17, office 213, 050004 Almaty, Kazakhstan, phone: +7 327 2917 166, fax: +7 327 2917 166, e-mail: a.nikonov@mail.ru ITS Iskratel Skopje, Kej 13 Noemvri, Kula 4, 1000 Skopje, Macedonia, phone: +389 2 323 53 00, fax: +389 2 323 53 99, e-mail: info@its-sk.com.mk, www.its-sk.com.mk

Vdsl2 C Cli User Guide

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Vdsl2 C Cli User Guide

Încărcat de

Drepturi de autor:

Formate disponibile

SI3000 VDSL2

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

Configuring Quality of Service ...................................................................................................... 113

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

User guide (CLI)

About this document

Table 1-1: Document organization

Using the command-line interface User management VLAN configuration

User guide (CLI)

Table 1-2: Conventions for text marking

Command line interface (CLI)

Table 1-3: Conventions for CLI text formatting

Table 1-4: Conventions for keyboard shortcuts usage in CLI

User guide (CLI)

Using the command-line interface

configuration mode VLAN mode insterface mode

EV(Vlan)# EV(Interface <interface>)#

User guide (CLI)

routerid Interface or slot/port logical Interface

Note:. Only the configuration commands are available in the no form.

User guide (CLI)

Command completion and abbreviation

User guide (CLI)

Special key combinations

User guide (CLI)

2.10 Changing the printout limit

User guide (CLI)

2.11 Changing the system prompt

Command set prompt <prompt-string>

Purpose Change the system prompt to <prompt-string>.

Example: (EV)# set prompt VDSL (VDSL)#

User guide (CLI)

Remote authentication dial-in user service (RADIUS)

Configuring local users

User guide (CLI)

User Name ---------admin guest1 3.3.2

User Access Mode ---------------Read/Write Read Only

Setting the user password

User guide (CLI)

Password was changed! (EV)(Config)# 3.3.3 Creating an authentication list

Authentication Login List ------------------------defaultList 3.3.4

Assigning an authentication login list to a user

User guide (CLI)

Example: (EV)# configure (EV)(Config)# users defaultlogin newlist

User guide (CLI)

Configuring RADIUS client

Primary RADIUS server 10.2.10.5

User guide (CLI)

radius server key auth <ipaddr_primary>

radius server retransmit <retries_count>

User guide (CLI)

Example: (EV)# clear radius statistics